March 2, 2023

Confidential message notification steals users credentials using compromised business email accounts


A concerning new phishing trend is circulating in the Nordics: emails that appear to inform the recipient of a confidential message are being sent from compromised business email accounts (business email compromise, BEC). While BEC campaigns have typically used email templates that notify the recipient of a shared document, recent campaigns in the Nordic region have begun using templates that resemble the Deltagon-secured confidential message notification.

This is particularly concerning because the Deltagon secure communications solution is widely used by both local authorities and commercial entities, and is therefore easily recognizable by many.

What makes this phishing campaign particularly dangerous is that the emails are typically well-formatted, and in some cases they are indistinguishable from a legitimate confidential email notification. Furthermore, these messages can appear relevant to a large number of individuals within an organization, unlike an email informing of a document share, which may seem unexpected or irrelevant and therefore raise immediate suspicion. What’s more, people may not associate these types of notification messages with phishing attempts, which makes them more dangerous, particularly if they are formatted to resemble the notifications sent by legitimate entities.

Additionally, these types of messages can evoke curiosity in the recipient, leading them to click on the malicious link. Let’s take a look at these examples:

[Image: BEC Phish]

The emails typically inform the recipient that they have received a confidential message that they can access by clicking on a link. The link often leads to a malicious website containing a credential harvester.

Off the hook – How to detect the attack and protect your organization from it

It's important to exercise caution when receiving unexpected messages. Whether it's an email, text message or social media notification, you should be wary of clicking on any links or responding to any requests. In particular, if you receive a message from an unknown sender or with a suspicious subject line, it's best to approach it with caution. One effective way to verify the legitimacy of a message is to hover over any links and check whether they lead to a reputable website. By taking these simple steps, you can avoid falling prey to phishing scams and protect your personal information and data.
