I remember reading about one method where they served up their own versions of Facebook when requested from a target from compromised hosts that are near that target as a way to collect credentials.
I forget the name of that method, but according to the documents it was used to target sysadmins. Though if you use a password manage with unique passwords for every service that should help protect you.
I forget the name of that method, but according to the documents it was used to target sysadmins. Though if you use a password manage with unique passwords for every service that should help protect you.
For more details: https://firstlook.org/theintercept/document/2014/03/20/hunt-...