Netflix impersonation
“Your membership has expired!”
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 17.01.2024
In this phishing email, the attacker tries to get the recipient's banking details by impersonating Netflix.
The visual appearance of the message makes it quite convincing. However, it can be identified as a phishing email since there is a sense of hurry and the message does not come from the netflix(.)com domain.
Analyst: Wivi Koenkytö
QuickBooks impersonation
"Payment Processed: Your Subscription is Now Active"
Hox rating: ★✩✩✩
Threat type: Bulk phishing
Payload: Malicious phone number
Region: Global
Date: 18.01.2024
This email impersonates QuickBooks. It attempts to create a scenario where the recipient ordered a Business Essentials Plan from QuickBooks.
To cancel the order, the recipient has to call a malicious phone number.
Analyst: Kaarlo Mahlberg
Vero impersonation
"Important Information on Tax Refunds"
Hox rating: ★★✩✩
Threat type: Advanced
Payload: Malicious link
Region: Finland
Date: 15.01.2024
This phishing email is impersonating Verohallinto, the Finnish tax authority. The email suggest that the recipient has unclaimed tax refunds and urges the recipient to go and see the refunds by clicking the link on the mail.
The link then leads the recipient to a fake Vero page and asks for recipients payment information.
Analyst: Kaarlo Mahlberg
Posti impersonation
"Shipping delivery error message"
Hox rating: ★★★✩
Threat type: Advanced
Payload: Malicious link
Region: Finland
Date: 16.01.2024
"We are sorry to inform you that your parcel delivery failed. A new delivery company requires payment of a delivery fee."
In this advanced campaign, the attacker tries to get the recipient's banking details by impersonating Finland's well-known postal service. The body of the message is very convincing, but the clumsy language and sense of urgency reveals that this is actually a phishing campaign.
Analyst: Wivi Koenkytö
Danske Bank impersonation
"You have (1) important message in your secure mailbox"
Hox rating: ★★✩✩
Threat type: Advanced
Payload: Malicious link
Region: Finland
Date: 17.01.2024
"You have (1) important message in your secure mailbox. To see it, click on the link below: More information."
In this phishing email, the attacker impersonates Danske Bank in order to get the recipient to give their banking credentials and personal details to the attacker.
Analyst: Wivi Koenkytö
Keep up with the threat feed
Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!