publishing date icon
July 28, 2023
read time icon
5 min. read

Threat feed week 30: Microsoft Planner, IMF, Wise and fake voicemail notification

Post hero image

Table of contents

share this post

Microsoft Planner service impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Reetta Sainio

Date: 24.07.2023

This advanced phishing campaign impersonates Microsoft Planner. It claims the recipient has been assigned to new tasks by their company, thus invoking curiosity and urging the recipient to click the link.

Microsoft Planner service impersonation

The email contains the address of the recipient's company headquarters.

International Monetary Fund (IMF) Impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious phone number

Region: Global

Analyst: Reetta Sainio

Date: 25.07.2023

This phishing email claims to be a communication from Kristalina Georgieva, the International Monetary Fund's Managing Director. It deceitfully convinces recipients they've been chosen for an IMF empowerment grant, urging them to reach out for further details.

International Monetary Fund (IMF) Impersonation

Upon contact via email or the provided WhatsApp number, recipients will be solicited for personal banking information.

Wise impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi  

Date: 28.07.2023

This phishing email is impersonating Wise. It includes a call to action, claiming that there is a mandatory security update for all Wise users.

Wise impersonation

Content-wise and grammatically the email looks legitimate, but the sloppily-made buttons break the illusion.

Fake voicemail notification

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious attachment

Region: Global

Analyst: Minna Herlevi

Date: 28.07.2023

This phishing email is notifying the victim of a new voicemail.

Fake voicemail notification

The email claims to have included the voicemail as an attachment, but in reality the attachment is a HTML file with a credential harvester.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.