publishing date icon
May 12, 2023
read time icon
5 min. read

Threat feed week 19: DocuSign, Lufthansa, Power BI, and more impersonation emails

Post hero image

Table of contents

share this post

DocuSign impersonation email notification

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Credential harvester link

Region: Global

Analyst: Verna Kuusniemi

Date: 09.05.2023

This email is a spoof of the DocuSign e-signature service.

Signature Required: Agreement From at 5/2/2023 3:18:41 PM From: Signature I DocuSign You have received a document to review and sign today! REVIEW DOCUMENT

It asks the recipient to read over and sign a document. When they click the link, they get directed to a malicious website.

Chatter internal service impersonation

Hox rating: ★★★✩  

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Reetta Sainio

Date: 10.05.2023

This phishing email is designed to look like it's coming from Chatter, a social network and collaboration platform for businesses. To appear more convincing, the email includes the recipient’s full name, company, email address, and job role.

[Job role] — [Full name] [First name], new documents were uploaded to your personal dashboard in [Company] Chatter! View/Comment You're receiving International emails. To change or turn off [Company] email, log in as [Email]_.

Additionally, the email is designed to look like a genuine notification from the service, making it harder to detect as a scam.

Lufthansa impersonation

Hox rating: ★★✩✩  

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Analyst: Minna Herlevi

Date: 05.10.2023

This email is pretending to be from Lufthansa, warning you that your Lufthansa points will expire in the next 24 hours. It attempts to create a sense of urgency by making it seem like the recipient will lose their hard-earned points if they don't act now.

Miles & More Sehr geehrte Damen und ist eine freundlÉhe Erinrwrung, dass Ihre 7500 Punkte in den nachsten 24 Stunden verfallen Sie können Ihre Meilen sofort in eVmlcher Bargeld umwandeln' Was zu tun ist ? Wählen Sie Punkto zum Konvertören Sofort zu Bargeu Jetzt konvertieren hinweis: Der Vorgang-dauert 3 Minuten, Miles-And-Nore-Kreditkarte 2023

In addition to the urgency, their legitimate logos can make the email somewhat difficult to spot.

Lottery winning advance fee phishing email

Hox rating: ★✩✩✩ 

Threat type: Bulk phishing

Payload: Pretext

Region: Europe

Analyst: Julia Kylmälä

Date: 05.11.2023

The email claims to originate from a lottery winner who has chosen to donate money to the recipient.

We are Joe and Jess Thwaite trom UK and we won a record- breaking E184,261,799 in the UK's biggest ever EuroMillions lottery on August 18, 2022. We are giving donation to 10 randomly selected emails as a sign of appreciation for what God did for us and yours is one of the eman we selected trom a raffle draw. We are donating the sum of ESOO, 000(Five hundred thousand great britain pounds) to you and your love once. Contact us through our email to claim your donation.

It relies on the recipients’ greed to get them to make contact, upon which an advance fee would be needed to get the promised money.

MS Power BI internal service impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 12.05.2023

This phishing email looks like a genuine Microsoft Power BI notification encouraging the receiver to click it.

Power Bl Weekly Cash Report The Weekly Cash Report has now refreshed and is ready for viewing. Go to report > You're receiving this email because reporting@[company] subscribed you to the 'Management Personnel' page of the 'Weekly Cash' report. The image above was generated at Wednesday, 8 March 2023 14:48:51. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052


It notifies the user of a cash report available for them, which is an intriguing topic. The email is sent from a compromised email address.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.