June 17, 2023

Threat feed week 24: Pfizer, Microsoft, QuickBooks, Adobe, Google, Spotify, and other impersonation phishing emails

Threat Analyst Team


Pfizer impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious PDF attachment

Region: Global

Analyst: Reetta Sainio

Date: 13.06.2023

The goal of this phishing campaign is to deceive people by pretending to be the pharmaceutical company Pfizer. The messages ask for quotes on industrial supplies, allegedly required by Pfizer. The scheme employs advanced methods, such as creating domains that mimic genuine ones.

Additionally, it uses social engineering strategies in the email and the corresponding PDF files, which are free of any malware or malicious links. The payload includes a PDF attachment that directs the recipient to another impersonated Pfizer domain.

Microsoft QR code service impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Analyst: Julia Kylmälä

Date: 14.06.2023

This attack uses password expiration as an excuse to prompt the receiver to scan a QR code.

The QR code contains a link leading to a malicious site.

QuickBooks service impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 14.06.2023

This phishing email attempts to impersonate the accounting software QuickBooks. It claims that QuickBooks has received a payment made by the recipient.

A large, already-charged sum creates an emotional trigger urging the recipient to click the link for more details on the payment.

Adobe Sign service impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 14.06.2023

This phishing email is a fake Adobe Sign notification. It claims the recipient's employer has requested their signature on a sales and non-disclosure agreement.

The link leads to a Microsoft credential harvester personalized for the recipient's company.

Google Sheets notification hijack

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Verna Kuusniemi

Date: 15.06.2023

This phishing email is a request by an unknown, external sender for access to a Google Sheets document.

Malicious actors who use this phishing method, also referred to as a notification hijack, request access to documents or share them through a known, reputable service like Google, so that the notification itself is sent by that service.

Spotify impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Analyst: Verna Kuusniemi

Date: 15.06.2023

This phishing email claims to be from the music streaming service, Spotify.

The message alerts the recipient to payment issues with their Spotify Premium subscription and asks them to review their payment information.

Verohallinto impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Finland

Analyst: Minna Herlevi

Date: 15.06.2023

This phishing email impersonates Verohallinto, the Finnish tax authority.

The message notifies the user that they have received a tax refund, and they need to use the provided password to claim it.
