Threat feed week 17: Tinder, DHL, and Google Drive PDF impersonations

Voice message phishing email

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious attachment

Region: Global

Analyst: Verna Kuusniemi

Date: 26.04.2023

This email’s subject line urges the receiver to listen to their voice message.

The email message only includes an HTML file. The file contains a credential harvester mimicking the Microsoft Outlook login screen, prompting the user to sign in.

DHL package delivery impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Verna Kuusniemi

Date: 26.04.2023

This message is a classic package delivery phish. It urges the recipient to update their delivery information to receive their package delivery.

When the user clicks the link provided, they're sent to a credential harvester.

Google Drive PDF email notification hijacking

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Jon Gellin

Date: 28.04.2023

This email informs its recipient of a PDF file shared with them. The PDF then contains a link to a fraudulent cryptocurrency website.

As the email is a notification sent by Google, it easily passes through most spam filters, landing straight in the recipient’s inbox.

Tinder match impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Jon Gellin

Date: 28.04.2023

This email informs the receiver of a new Tinder match, hoping to weaponize their curiosity.

But hovering on the link reveals that it leads to a fake site designed to harvest email credentials instead of Tinder.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!