A poorly written phishing campaign targeted tech journalists over the weekend in an attempt to get email credentials.
The phishing email appears to have been sent from a compromised venture capital firm called ff. The email was set to the firm’s press contacts list.
Reporters have contacts in venture capital firms, government and business.
If any fell for the phishing scam, it would provide access to an email account and a contacts list of people who would trust messages from it — a perfect stepping stone to attack CEOs, business backers and government officials
The phishing email sent reporters to a purported Google Docs login.
According to Steve Ragan, who wrote about the email on the corporate cybersecurity industry website CSO Online, “the landing page is where this scam falls to pieces. It's a comical disaster. Riddled with errors, no sane person would believe they're looking at a Google Docs login page at this point.”
But, wrote Ragan, “what happens when someone takes their time and puts some effort into the operation? If you guessed anything other than complete success, you're wrong.”
On Twitter, Ragan explained that six other reporters confirmed to him that they received the email.
For its part, ff quickly acknowledged to its contacts it had been compromised and offered free credit monitoring to victims.