The Reveal Platform
Intel Name: Phishing technique to copy/paste authentication tokens from browser cache
Date of Scan: December 19, 2025
Impact: High
Summary: This campaign has been active since at least September 2025 and leverages multiple web hosting platforms. Instead of harvesting usernames and passwords, the phishing pages employ an alternative approach. An embedded video guides victims to extract authentication tokens from their browser cookies and paste them into a pop-up form under the guise of verification. The video concludes by advising users not to log out for at least 24 hours, ensuring the tokens remain valid.
