Eventbrite Phishing Attack

Phishing has taken on many forms over the years; from emails to SMS, it seems like there are many avenues of attack. I just got sent a very creative phishing email today, so let's investigate it!

This first email was from Eventbrite, a fairly popular ticket/event company similar to StubHub or Ticketmaster, albeit lesser known. You can use their free service to create no-charge events, which is the kind of event my account was added to.

As you can see, it was a free event, and clearly someone with old credentials of mine was able to add my account to that event. (Just to note, my Eventbrite account was from my middle school days and has since been deleted.)

Following this email, I got a "Coinbase" email that uses the Eventbrite email domain. That was very confusing since I closed my Coinbase account a long time ago. It seems like the attacker was trying to use a legitimate domain address to bypass spam/phishing filters to get these emails to their victims' mailboxes.

While writing this article, I was hit with another malicious Coinbase Security email!

The reason the email sender says "Base Security" is that the organizer's name is set as such.
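Since the message really is sent by the ticketing platform, sender authentication passes, and the useful signal is the mismatch between the brand named in the display name or subject and the domain that sent it. The following is an added example of that check, not code from the original post; the brand map, the `.example` sender domain and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> registrable domains that brand really sends from.
BRAND_DOMAINS = {"coinbase": {"coinbase.com"}}

def registrable(domain):
    # Naive "last two labels" rule; production code should use the Public Suffix List.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def brand_mismatches(raw_message):
    """Return brands named in the display name or subject that the sender domain does not belong to."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    visible = f"{display} {msg.get('Subject', '')}".lower()
    # SPF/DKIM can pass here: the platform really did send the message.
    authenticated = "dkim=pass" in msg.get("Authentication-Results", "").lower()
    return [
        {"brand": brand, "sender_domain": sender, "authenticated": authenticated}
        for brand, domains in BRAND_DOMAINS.items()
        if brand in visible and sender not in domains
    ]

def sample(from_header, subject):
    # Builds a constructed message; none of these are the real emails.
    return "\n".join([
        f"From: {from_header}",
        f"Subject: {subject}",
        "Authentication-Results: mx.example; spf=pass; dkim=pass",
        "",
        "body omitted",
    ])

PHISH = sample('"Base Security" <noreply@ticketing-platform.example>',
               "Coinbase Security: verify your wallet")
LEGIT = sample('"Coinbase" <no-reply@mail.coinbase.com>', "Your Coinbase statement")
EVENT = sample('"Local BBQ Club" <noreply@ticketing-platform.example>', "Your free ticket")

if __name__ == "__main__":
    for name, raw in [("phish", PHISH), ("legit", LEGIT), ("event", EVENT)]:
        print(name, brand_mismatches(raw))
```

Only the first sample is flagged, and it is flagged with `authenticated` set to true, which is why a filter that relies on SPF/DKIM alone lets this kind of message through.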

It seems like many people are probably getting attacked through this vector, as you can see by the handful of events this event organizer has created, all at the same smokehouse in the UK called Big Jay's Smokehouse.

Now, going to the link in my sandbox, you can see that this website harvests seed phrases from its victims.

Feel free to fill the domain with random seed phrases if you want! This has been reported to Eventbrite and to the abuse email of the web domain service the website was purchased on.