May 19, 2023

Threat feed week 20: Email notification hijack and internal service impersonations

Threat Analyst Team


Sogolytics email notification hijack

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Reetta Sainio

Date: 17.05.2023

In this phishing email, attackers manipulate legitimate email notifications from Sogolytics, an online survey tool. These emails disguise themselves as notifications about newly received voicemails.

Hello,
You have new voice messages!
To listen to your voice messages use the link below.
Click here
We thank you for your time and participation.
Sincerely,
Voice Mail System
This email is sent on behalf of the person/organization whose phone number appears in the notification. If you have any questions about the email, please contact the sender by replying to this email.
If you prefer not to receive future reminders about this audio call, please click here.
If you prefer not to receive future notification from the sender behind this notification, please click here.
sogolytics

While all the links in the email appear legitimate, directing users back to the Sogolytics service, the content they deliver is malicious.
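Because every link points at the survey platform, link reputation alone will not catch this lure. The following heuristic is an added example, not Hoxhunt's detection logic: it flags mail that arrives through a survey platform yet carries voicemail wording. The domain `survey-platform.example`, the keyword list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: placeholder domain standing in for the survey platform's real ones.
SURVEY_PLATFORMS = {"survey-platform.example"}
# Assumption: theme wording taken from the notification text quoted above.
VOICEMAIL_THEME = re.compile(r"voice\s?mail|voice messages?|audio call", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def platform_of(host):
    """Return the survey platform a host belongs to, or None."""
    host = (host or "").lower().rstrip(".")
    for domain in SURVEY_PLATFORMS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def check_notification_hijack(raw_email):
    """Flag voicemail-themed mail that arrives through a survey platform."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    link_hosts = [urlparse(u).hostname for u in URL.findall(body)]
    # Platform-hosted links show the delivery channel; they do not show safety.
    all_links_on_platform = bool(link_hosts) and all(map(platform_of, link_hosts))
    via_platform = bool(platform_of(sender_host)) or all_links_on_platform
    text = f"{msg.get('Subject', '')}\n{body}"
    themes = sorted({m.group(0).lower() for m in VOICEMAIL_THEME.finditer(text)})
    return {"via_platform": via_platform, "themes": themes,
            "suspicious": via_platform and bool(themes)}

# Constructed sample messages (not real traffic).
HIJACKED = """From: Voice Mail System <notify@mail.survey-platform.example>
Subject: New voice messages

Hello, You have new voice messages! To listen use the link below.
https://www.survey-platform.example/r/constructed-id
"""
GENUINE_SURVEY = """From: Research Team <notify@mail.survey-platform.example>
Subject: Customer satisfaction survey

Please take our survey: https://www.survey-platform.example/r/constructed-id
"""
```

A genuine survey invitation from the same platform is not flagged, so the rule keys on the mismatch between delivery channel and message theme rather than on the platform itself.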

Acerta internal service impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Analyst: Suvi Hakala

Date: 19.05.2023

This phishing email attempts to impersonate the HR service Acerta. It claims two-factor verification will soon be mandatory for the service and asks the user to register via the provided link.

acerta
Two-step verification will soon be
From 1 June 2023, Acerta will also make two-step verification mandatory. By setting up two-step verification you add an extra layer of security to your account. Acerta considers your security to be of great importance and is therefore introducing this new rule.
What do you need to do?
Register your two-step verification via the link below. Make sure you register in time; as mentioned earlier, two-step verification is mandatory.
follows the identification means (eIDAS and the GDPR) 2023

A sense of urgency is created with a short deadline and the risk of losing access to HR services.

Microsoft Teams internal service impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi

Date: 19.05.2023

This phishing email is designed to look like it's a Microsoft Teams notification.

SUBJECT: Friday, May 19, 2023
Your teammates are trying to reach you in Microsoft Audio Teams.
Contact sent a message
Audio Transcript
Play Voice Message
Install Microsoft Teams now
Reply in Teams
iOS Android
This email was sent from unmonitored mailbox. Update your email preferences in Teams. Activity > Settings (Gear Icon) > Notifications.
© 2023 Microsoft Corporation. One Microsoft Way, Redmond WA 98052-7329
Read our privacy policy
Microsoft

The email notifies the victim that they have received a voice message on a fake Microsoft Teams service called ‘Microsoft Audio Teams’. The email is sent from a compromised email address.

Admin support phishing message

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Julia Kylmälä

Date: 19.05.2023

This email is designed to imitate an automated message from company administrative services telling the user they have pending messages due to a server error.

The sender's address is spoofed to look like it came from a company address.
