Credential phishing Charles Schwab account holders with 2FA bypass
Blog post from Sublime Security
Sublime's Attack Spotlight series highlights real-world email threats, focusing on credential phishing and brand impersonation tactics, specifically within Google Workspace environments. A recent case involved a sophisticated phishing attempt mimicking Charles Schwab, where attackers used CAPTCHA redirection and a fake login page to harvest credentials. To get past two-factor authentication (2FA), they prompted victims to enter their phone numbers, which the attackers then used to trigger a legitimate authentication SMS, capturing the code to complete the fraudulent login. Sublime's AI-powered detection engine identified these attacks through several indicators, including unusual sender domains and language aimed at credential theft. The platform offers a suite of tools to prevent such phishing attempts, allowing users to customize threat handling within their environments, and continues to expand its detection capabilities to cover a broad range of brand impersonation scenarios.