Hackers are improving phishing attacks by having you chat with 'sock puppets'

pcgamer.com:

Hackers are launching more sophisticated phishing attacks. This time it's not just posing as your IT guy sending you suspicious links through email. This new scam involves using fake 'sock puppet' email accounts to trick you into thinking you are part of conservation among colleagues. 

Researchers at Proofpoint(opens in new tab) (via Bleeping Computer(opens in new tab)) call the technique «multi-persona impersonation,» or MPI. The technique involves looping the target into a fake email exchange between multiple scammer personas in an attempt to convince them that it's a legitimate conversation. Once trust is gained, sometimes after engaging in «benign conversations with targets for weeks,» according to Proofpoint, the hackers deliver a malicious link.

The email exchange will be related to the target's industry or field of research so that being included in the chain won't necessarily seem out of the ordinary. 

The group responsible is designated TA453, which Proofpoint believes works for Iran's Islamic Revolutionary Guard Corps. The group's tactics have evolved over time. Previously, TA453 attackers would pose as individual journalists or researchers covering Middle East policies, targeting «academics, policymakers, diplomats, journalists, and human rights workers» says Proofpoint. They'd try to engage the targets in one-on-one conversations but started using this group email sock puppet strategy earlier this year.   

Steam Deck review(opens in new tab): Our verdict on Valve's handheld PC.Steam Deck availability(opens in new tab): How to get one.Steam Deck battery life(opens in new tab): What's the real battery life of the new device?How loud is the Steam Deck?(opens in new tab) And will it pass the Significant Other