Detects a phishing kit targeting square-enix.com with a fake FFXIV forum gil giveaway. Phishing kit consists of two pages, a forum page and a login page.
title: Square Enix FFXIV Gil Phishing Kit
description: |
Detects a phishing kit targeting square-enix.com with a fake FFXIV forum gil giveaway.
Phishing kit consists of two pages, a forum page and a login page.
references:
- https://urlscan.io/result/654111fb-82ac-4973-880f-bbaec82694b9/
- https://urlscan.io/result/67b4fe92-f667-4201-a310-2cd2cf72af8a/
- https://urlscan.io/result/9e171326-b335-498c-a68f-63e1e16a4499/
- https://urlscan.io/result/e056ca66-5288-4fb6-8a47-06e03b0f1eba/
detection:
forumScam:
html|contains|all:
- 'threads/429347-Healers-and-6.0-What-we-can-learn-from-AST-and-what-I-d-like-to-see-going-forward'
- '300M Gil Raffle'
loginPage1:
html|contains|all:
- '.php" method="post"'
- 'Square Enix ID'
- 'Square Enix Password'
- 'One-Time Password'
- 'name="key_value"'
loginPage2:
html|contains|all:
- '<form id="loginForm" name="login" method="post" action="'
- '.php">'
- 'Square Enix ID'
- 'Square Enix Password'
condition: forumScam or loginPage1 or loginPage2
tags:
- kit
- target.square-enix