Pfizer impersonation
Hox rating: ★★★✩
Threat type: Advanced campaign
Payload: Malicious PDF attachment
Region: Global
Analyst: Reetta Sainio
Date: 13.06.2023
The goal of this phishing campaign is to deceive people by pretending to be the pharmaceutical company Pfizer. The messages ask for quotes on industrial supplies, allegedly required by Pfizer. The scheme employs advanced methods, such as creating domains that mimic genuine ones.

Additionally, it uses social engineering strategies in the email and corresponding PDF files, which are free of any malware or malicious links. The payload includes a PDF attachment intended to redirect the recipient to another impersonated Pfizer domain.
Microsoft QR code service impersonation
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious QR code
Region: Global
Analyst: Julia Kylmälä
Date: 14.06.2023
This attack uses password expiration as an excuse to prompt the receiver to scan a QR code.

The QR code contains a link leading to a malicious site.
QuickBooks service impersonation
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Analyst: Suvi Hakala
Date: 14.06.2023
This phishing email attempts to impersonate the accounting software QuickBooks. It claims that a payment made by the recipient has been received.

A large, already-charged sum creates an emotional trigger urging the recipient to click the link for more details on the payment.
Adobe Sign service impersonation
Hox rating: ★★✩✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Global
Analyst: Suvi Hakala
Date: 14.06.2023
This phishing email is a fake Adobe Sign notification. It claims the recipient's employer has requested their signature on a sales and non-disclosure agreement.

The link leads to a Microsoft credential harvester personalized with the company's details.
Google Sheets notification hijack
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Analyst: Verna Kuusniemi
Date: 15.06.2023
This phishing email is a request by an unknown, external sender for access to a Google Sheets document.

The malicious actors who use this phishing method, also referred to as a notification hijack, request access to or share documents by sending the request via a known, reputable service, like Google.
Spotify impersonation
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Europe
Analyst: Verna Kuusniemi
Date: 15.06.2023
This phishing email claims to be from the music streaming service Spotify.

The message alerts the recipient to payment issues with their Spotify Premium subscription and asks them to review their payment information.
Verohallinto impersonation
Hox rating: ★★✩✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Finland
Analyst: Minna Herlevi
Date: 15.06.2023
This phishing email impersonates Verohallinto, the Finnish tax authority.

The message notifies the user that they have received a tax refund and that they need to use the provided password to claim it.