DocuSign impersonation email notification
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Credential harvester link
Region: Global
Analyst: Verna Kuusniemi
Date: 09.05.2023
This email is a spoof of the DocuSign e-signature service.
It asks the recipient to read over and sign a document. When they click the link, they get directed to a malicious website.
Chatter internal service impersonation
Hox rating: ★★★✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Global
Analyst: Reetta Sainio
Date: 10.05.2023
This phishing email is designed to look like it's coming from Chatter, a social network and collaboration platform for businesses. To appear more convincing, the email includes the recipient’s full name, company, email address, and job role.
![[Job role] — [Full name] [First name], new documents were uploaded to your personal dashboard in [Company] Chatter! View/Comment You're receiving International emails. To change or turn off [Company] email, log in as [Email]_.](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/6475c4bdd0a4ed417c07d6a4_bcc22552.png)
Additionally, the email is designed to look like a genuine notification from the service, making it harder to detect as a scam.
Lufthansa impersonation
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Europe
Analyst: Minna Herlevi
Date: 05.10.2023
This email is pretending to be from Lufthansa, warning you that your Lufthansa points will expire in the next 24 hours. It attempts to create a sense of urgency by making it seem like the recipient will lose their hard-earned points if they don't act now.
In addition to the urgency, their legitimate logos can make the email somewhat difficult to spot.
Lottery winning advance fee phishing email
Hox rating: ★✩✩✩
Threat type: Bulk phishing
Payload: Pretext
Region: Europe
Analyst: Julia Kylmälä
Date: 05.11.2023
The email claims to originate from a lottery winner who has chosen to donate money to the recipient.
It relies on the recipients’ greed to get them to make contact, upon which an advance fee would be needed to get the promised money.
MS Power BI internal service impersonation
Hox rating: ★★★✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Global
Analyst: Suvi Hakala
Date: 12.05.2023
This phishing email looks like a genuine Microsoft Power BI notification encouraging the receiver to click it.
![Power Bl Weekly Cash Report The Weekly Cash Report has now refreshed and is ready for viewing. Go to report > You're receiving this email because reporting@[company] subscribed you to the 'Management Personnel' page of the 'Weekly Cash' report. The image above was generated at Wednesday, 8 March 2023 14:48:51. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052](https://assets-global.website-files.com/6130a9118b1be9aebe2c2837/6475c605f5c7482969c91848_2ac6b1e8.png)
It notifies the user of a cash report available for them, which is an intriguing topic. The email is sent from a compromised email address.
Keep up with the threat feed
Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!