Meta Impersonation Email
Hox rating: ★★★✩
Threat type: Advanced campaign
Region: Global
Analyst: Reetta Sainio
Date: 20.4.2023
This phishing email was sent in the name of Meta Platforms Inc. It targets businesses by claiming their accounts violate intellectual property rights, resulting in temporary restrictions.

Victims are redirected to an alarmingly authentic-looking site ‘metaforsupport.com’, where they unknowingly give sensitive information in an attempt to resolve the issue.

The attack exploits users’ trust in platform policies, making it especially dangerous and effective.

eFax Phishing Campaign
Hox rating: ★✩✩✩
Threat type: Bulk phishing
Region: Global
Analyst: Jon Gellin
Date: 20.4.2023
This phishing message, disguised as an eFax notification, informs the recipient of a document sent to them. The email contains a call to action, urging the user to click a provided link to view the document.

The malicious actors have included a fake email banner for added legitimacy, claiming the email sender is verified.
Upon clicking the link, the user is sent to a malicious website designed to harvest sensitive information, such as login credentials.
SAP Impersonation
Hox rating: ★★✩✩
Threat type: Advanced campaign
Region: Global
Analyst: Minna Herlevi
Date: 21.4.2023
This phishing email is attempting to impersonate SAP using domain spoofing. But the malicious actors mistakenly spoofed the sender domain to DocuSign, so it's quite easy to spot.

The payload itself uses an open redirect to make the link look like it's going to YouTube, but in reality, it leads to a credential harvester at a completely different URL.
.png)
Booking.com Impersonation
Hox rating: ★★✩✩
Threat type: Advanced campaign
Region: Global
Analyst: Suvi Hakala
Date: 21.4.2023
This phishing email attempts to impersonate the online travel agency Booking.com with a flash attack using a newly registered lookalike domain. The email claims the recipient received a travel credit reward expiring shortly and asks them to claim it by clicking the provided link.

The link redirects the user to a malicious site for harvesting personal information and banking credentials. The theme of this phishing campaign is timely with upcoming summer vacations.
Keep up with the threat feed
Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!