![]() ![]() This includes social engineering, as the email title, content, and sender name have been designed to create a sense of “trust and urgency in the victims,” wrote Armorblox’s Mark Royall in a blog post.Īnother technique used in this campaign is brand impersonation. Image via Armorblox Techniques Used in the AttackĪ range of techniques has been used to evade conventional email security filters and lure unsuspecting users. Last year, Infosec analyst Laur Telliskivi reported about the same domain being used in phishing attacks. The email sender domain is a web hosting services provider called ‘valueserverjp.’ This domain is based in Japan. It already contains the victim’s email address to create a sense of legitimacy around the entire process. ![]() When the victim clicks on View Files, the link leads them to a phishing page supposedly of Microsoft Excel.įurthermore, it features a blurred-out spreadsheet as the background, and a form is displayed in the foreground that requires the victim to enter login credentials. ![]() The email body reveals that WeTransfer has shared two files with the victim, and there’s a link to view them. SEE: ‘Zoom account suspended’ phishing scam steals Office 365 credentials The email body also makes several references to the target organization to appear legitimate. The similarity is enough to come across as a genuine WeTransfer email and can easily deceive unsuspecting users. ![]() The phishing email appears to be sent by WeTransfer as it bears the sender name Wetransfer and has the title View Files Sent Via WeTransfer. It is worth noting that WeTransfer is used for sharing files that are too large to be sent via email. The primary aim of this attack is to retrieve the victims’ Office 365 email credentials.
0 Comments
Leave a Reply. |