{
	"id": "970a4c66-ae20-492f-83c1-6251bed810f5",
	"created_at": "2026-04-06T00:21:25.081103Z",
	"updated_at": "2026-04-10T13:12:51.945881Z",
	"deleted_at": null,
	"sha1_hash": "b44cc68eab0a5a7a4dfaf564219e98586a788755",
	"title": "Hackers Try to Phish United Nations Staffers With Fake Login Pages",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35244,
	"plain_text": "Hackers Try to Phish United Nations Staffers With Fake Login\r\nPages\r\nBy Michael Kan\r\nPublished: 2019-10-24 · Archived: 2026-04-05 23:44:59 UTC\r\nHackers have been creating fake login pages for United Nations websites in an effort to steal the passwords of\r\nofficials at the UN and its humanitarian groups.\r\nSome of the malicious pages remain live today, according to the security firm Lookout, which spotted the phishing\r\ncampaign. The pages masquerade as login portals for the United Nations, the UN World Food Programme, and the\r\nUnited Nations Children's Fund (UNICEF), among others. But they are fake pages designed to record whatever\r\nthe user types into the login fields and send that information to hacker-controlled servers. The \"sign in\" button\r\ndoes not even have to be clicked; keylogging occurs the moment the user begins typing into the login field.\r\nThe sites also adjust based on whether they're accessed on PCs or smartphones. \"Specifically, Javascript code\r\nlogic on the phishing pages detects if the page is being loaded on a mobile device and delivers mobile-specific\r\ncontent in that case,\" Lookout researcher Jeremy Richards wrote in the company's report. \"Mobile web browsers\r\nalso unintentionally help obfuscate phishing URLs by truncating them, making it harder for the victims to\r\ndiscover the deception.\"\r\nLending the fake login pages more credibility is how they can use valid SSL certificates. As a result, the browser\r\nwill show a padlock button in the web address bar when the malicious login page loads up. Although some of the\r\nhttps://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages\r\nPage 1 of 2\n\npast SSL certificates have expired, Lookout uncovered six fake login pages from the hackers that still run valid\r\ncertificates. (The full site of discovered phishing pages can be found in Lookout's report.)\r\nHow the hackers were delivering the fake login pages to potential targets remains unknown at this point. But\r\nLookout speculates it was likely through messages sent via social media, email, or SMS text.\r\nThe internet infrastructure behind the fake login pages has been live since March. Other fake login pages\r\nmasqueraded as login portals for Washington DC-based Heritage Foundation think tank, the University of\r\nCalifornia, San Diego, along with the German websites for Yahoo and AOL.\r\nLookout uncovered the phishing campaign through its \"Phishing AI,\" which continuously scans the internet for\r\nsuspected malicious websites. The security firm has reported the phishing pages to the UN and the law\r\nenforcement. So far, the United Nations hasn't commented on the report and whether it's suffered any breaches\r\ntied to the phishing campaign.\r\nThe fake login pages are a reminder to be careful around your inbox and chat messages. A favored tactic of\r\nhackers is sending a message claiming to come from a major internet company, such as Google, Facebook or\r\nNetflix, about how there's something wrong with their online account. The email will then contain a link to a fake\r\nlogin page that'll record the victim's keystrokes. So to stay safe, it's good idea to check the web address on any\r\nlogin page to make sure you're visiting the official domain. For more, check out our tips to avoid phishing scams.\r\nSource: https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages\r\nhttps://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages"
	],
	"report_names": [
		"hackers-try-to-phish-united-nations-staffers-with-fake-login-pages"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434885,
	"ts_updated_at": 1775826771,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b44cc68eab0a5a7a4dfaf564219e98586a788755.pdf",
		"text": "https://archive.orkl.eu/b44cc68eab0a5a7a4dfaf564219e98586a788755.txt",
		"img": "https://archive.orkl.eu/b44cc68eab0a5a7a4dfaf564219e98586a788755.jpg"
	}
}