Adobe Acrobat Sign impersonation
“Request "Funds Disbursement Settlement Instructions"”
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 25.01.2024
This email is impersonating Adobe Acrobat. The email is inviting the recipient to review and sign a document called "Investor Portal-Funds_Disbursement_Settlement_Instructions".
When the recipient clicks the Review and sign button, it redirects the recipient to a credential harvester.
Analyst: Kaarlo Mahlberg
Microsoft impersonation: Password system reminder
“OneTimeConfirmation:Retain notification response needed today -Password -expiration -review”
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 25.01.2024
In this large phishing campaign, the attacker uses fake Microsoft reminder banners to convince the recipient to give out their credentials.
The button to 'Keep My Same Login Access' is actually a link to a credential harvesting website. Campaigns like this have been extremely prevalent in our data since the beginning of the year.
Analyst: Wivi Koenkytö
Outlook impersonation
“Action required”
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious link
Region: Global
Date: 25.01.2024
This email impersonates Outlook, claiming that the recipient's password is expiring today. Urgency is used in an attempt to social engineer the recipient to click one of the links. It's good to note that neither one of the links is actually to change the password; just to keep the same one or skip changing it for six months.
This email uses obfuscation of text in an attempt to bypass email filters. Special characters are used in keywords like 'action', 'password' and 'account'.
Analyst: Siiri L.
PostNord impersonation
“Der er en opdatering i din pakkeleveringsstatus!”
Hox rating: ★★★✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Nordics
Date: 23.01.2024
In this advanced phishing campaign, the attacker aims to get the recipient's banking details by impersonating PostNord, a postal service mainly operating in the Nordics.
Postal companies rarely send any emails—especially ones that repeat the body of the message twice, which makes this very suspicious.
Analyst: Wivi Koenkytö
BankID impersonation
“Sjekke integriteten til informasjonen din”
Hox rating: ★★★✩
Threat type: Advanced campaign
Payload: Malicious link
Region: Nordics
Date: 23.01.2024
"You will be asked to validate your information by following our instructions to avoid suspension of your online services. Without action on your part and in accordance with applicable law, we will be forced to suspend your online services."
In this phishing email, the attacker claims that the recipient's access to online services will be suspended if they do not confirm their information in the service. The link in the message leads to a credential harvester.
Analyst: Wivi Koenkytö
QuickBooks impersonation
“Payment Approved: Your Plan is Now Confirmed!”
Hox rating: ★★✩✩
Threat type: Bulk phishing
Payload: Malicious phone number
Region: North America
Date: 18.01.2024
In this phishing email, the attacker impersonates accounting software QuickBooks to scam the recipient. The invoice is unexpected, which is supposed to trigger the recipient to call the phone number.
In these sort of attacks, the goal of the attacker is often to get the recipient's banking details or install a remote software on the victim's device to conduct malicious activities.
Analyst: Wivi Koenkytö
Keep up with the threat feed
Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!