How attackers are adopting Henry Ford principles
Phishing with man-in-the-middle http server allowing to capture credentials, bypass 2-factor authentication is a common practice, but attackers started to cooperate once they find a victim. They share captured session cookie, split the tasks on victim user account and perform all activities in very effective and timely manner. Sharing session cookies also bring new challenges for incident investigators.