Journalists in Mexico were shaken by a new cyber security alert after receiving emails with malicious links from an official address of the political party Morena. The leak, which apparently comes from a former employee in Spain, has not yet been resolved by the Attorney General's Office (FGR).
At least four journalists reported receiving a suspicious email with a fraudulent link, raising concerns about a possible phishing campaign targeting critical communicators of the government. The message was sent from an account resembling another used by the party to respond to requests through the National Transparency Platform, giving it legitimacy in the eyes of the recipients.
The fraudulent email presented a document simulating an invoice for a significant amount of money, urging the recipient to acknowledge the charge before a deadline. This strategy sought to create urgency and fear of an unauthorized transaction, common in phishing attacks to induce victims to act quickly.
The link included in the email led to a website associated with the domain secureserver[.]net, previously reported in other phishing incidents. Cybersecurity experts have warned about the increasing use of this domain to distribute malware, especially targeting financial institutions in Latin America.
Given the growing sophistication of phishing attacks, it is important for journalists and other recipients to verify the authenticity of the emails they receive, especially those containing links or requests for personal information. Implementing security protocols like DMARC can be crucial to prevent impersonation and protect the reputation of organizations.
Although the domain used in the attack legitimately belongs to Morena, there is no definitive evidence directly involving the party in the phishing campaign. It is important to highlight that the lack of certain security measures on Morena's domain facilitates impersonation, which may have been exploited by the attackers in this case.
