The landing page again includes a sample fax image, Caller ID and reference number, and again tells recipients to “View Document.” Hundreds of these phishing landing pages have been detected and are hosted on digital publishing sites like Joom, Weebly and Quip, they said.Ī sample phishing email. The embedded URLs redirect to fake, never-seen-before Microsoft Office 365 phishing pages, said researchers.
“The reason the bypass works is because the compromised email addresses are known and trusted by the organization based on prior and legitimate communications.” The email appears to be legitimate and even has a tag at the bottom that markets eFax’s plans, telling recipients: “Tip: Switch to an annual plan – it’s like getting 2 months free every year! Call (800)958-2983 or email above example is one of many similarly crafted campaigns that originate from multiple compromised accounts,” said researchers. The email also tells recipients to “click the attachment to view” and contains a link in a button that says “View Documents.” One sample email uses the legitimate eFax branding and has an email title: “Doc(s) Daily delivery #-0003351977.” It tells recipients, “You have a new fax!” and includes a small picture that is a sample image of a fax the recipient apparently received.
The email impersonates businesses like eFax, which is an internet fax service making it easy to receive faxes via email or online. The attack starts with a lure convincing email recipients that they received a document. “The widespread use of hundreds of compromised accounts and never-seen-before URLs indicate the campaign is designed to bypass traditional threat intelligence solutions accustomed to permitting known but compromised accounts into the inbox,” said researchers with Abnormal Security, in a Monday analysis.
0 kommentar(er)
