SpaceX is preparing for a record initial public offering, and cybercriminals are taking note. 👀 

Our researchers have observed TA2730 using #SpaceX’s upcoming IPO in fraudulent emails to lure targets into handing over their credentials to investment platforms.

The campaigns impersonated two financial firms, CommSec and FSM One, to target people in #Australia and #Singapore. The messages purported to invite people to apply for eligibility to purchase SpaceX stock.

Emails contained a URL that led to counterfeit authentication pages designed to harvest user credentials.

🚨 About TA2730: This threat actor is opportunistic and financially motivated, focused on obtaining credentials from the financial sector. It targets organizations globally and usually uses lures related to the "W-8BEN" form, a U.S. tax form for non-U.S. taxpayers.

The SpaceX lure is a departure from TA2730’s typical #socialengineering. But given the attention and hype around the upcoming market debut, this could be an alluring lure, especially to those already customers of the impersonated trading platforms. 

⚠️ Beware of cybercriminals exploiting high-profile stock market debuts and other anticipated technology-sector listings, which may serve as effective social engineering lures.

#stock #stockmarket #emailfraud #TA2730 #cybersecurity

---

TA2730 Phishing Domains:

467jtzbkqcfl22t9hxh[.]live
ddgaoylh4h420fvm7o5[.]live
u7aq3ocwrexd70ulpdj[.]live
zavpejjyz432d577l2e[.]live
8fv4dxp7lx035f8ylk7[.]live
cd7yt860whhm7g7ylj8[.]live
g8iqelymkc4eya9zs49[.]live
hy0zu0fuf7rc2ou5aje[.]live
k1rg2oz4zpzw91pdx90[.]live
ogqw9cpz7t7et3j1rur[.]live