October 27, 2023
Threat feed week 43: DocuSign, Microsoft, QuickBooks, DHL, Geek Squad, MetaMask, Luxembourg police, and German postal service impersonations

Threat Analyst Team
DocuSign and Microsoft impersonations

“Document89272-01 Docs Via E-Sign #23(REVISED)”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Date: 23.10.2023

This phishing email aims to get the recipient to click the malicious link embedded in the message.

The link leads to a malicious credential-harvesting website.

Analyst: Wivi Koenkytö

DocuSign impersonation with company logo and QR code

“Approval-Request-Required for institute at 20:11:00_17/10,_Please_Complease_Document.”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Date: 23.10.2023

This phishing email encourages recipients to scan an embedded QR code while pretending to be an official DocuSign communication.

What sets this campaign apart is its use of the recipient’s company’s logo, adding a layer of perceived authenticity.

Analyst: Sampo Lenkola

Luxembourg police impersonation

“RE: Last reminder before increase.”

“RE: Dernière relance avant majoration.”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Luxembourg

Date: 23.10.2023

This campaign impersonates the Luxembourg police, claiming that the recipient didn’t pay their traffic fine.

The email tells the recipient to follow the link and pay online to avoid sanctions, including a fine increase. The hyperlink leads to a malicious website with a different URL than the one in the email.

Analyst: Siiri Latola

Geek Squad impersonation

“Subscription renewed”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: North America

Date: 24.10.2023

This Geek Squad impersonation claims that your Geek Squad personal home subscription was just renewed for $499.99.

The goal is to get the recipient to panic and call the provided phone number to cancel the subscription. Once they call, the scammer attempts to obtain financial and personal information from them.

Analyst: Minna Herlevi

DHL impersonation

“DHL package tracking - 123456789”

“Suivi de colis DHL - 123456789”

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 24.10.2023

This phishing email aims to get the recipient’s credentials by claiming that the package ordered by the recipient is on its way.

The link leads to a realistic but fake DHL website where the recipient is asked to pay for the shipment of their package.

Analyst: Wivi Koenkytö

MetaMask impersonation

“[MetaMask] Verify Your Wallet Before October 26, 2023”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 24.10.2023

This email falsely represents MetaMask, attempting to deceive users into verifying their wallets.

It cites KYC (Know Your Customer) regulations as a pretext to appear credible.

Analyst: Sampo Lenkola

Microsoft 2FA—Failed Verification

“FW: 2FA Auth_Error”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Date: 26.10.2023

This email impersonates Microsoft, claiming that the recipient’s two-factor authentication failed.

It claims that if the recipient doesn’t scan the QR code and follow the instructions, their email will be deactivated.

Analyst: Siiri Latola

DocuSign impersonation with QR code

“Direct Deposit Information for Reimbursement Payment Agreement to be completed on October 26, 2023”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Date: 26.10.2023

This phishing email is impersonating DocuSign. The email contains a malicious QR code that claims to lead to a document.

This is a very typical phishing email that includes a QR code. Even though the body of the email looks real, it doesn’t come from DocuSign.

Analyst: Kaarlo Mahlberg

QuickBooks impersonation Global

“Payment of $12,800.00 was issued to you by check on 10/25/2023”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious attachment

Region: Global

Date: 26.10.2023

This email is trying to impersonate QuickBooks. It claims that a large payment was issued to the recipient.

The email also says that the recipient can find more information about the payment in the attachment. The attachment then leads the recipient to a fake login site that’s used to harvest their credentials.

Analyst: Kaarlo Mahlberg

QuickBooks impersonation Europe

“Plan Renewal Success: Payment Successfully Verified”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Europe

Date: 27.10.2023

This phishing email informs the recipient of their plan renewal.

The attacker’s goal is to get the recipient to call the malicious phone number to cancel the fake renewal.

Analyst: Wivi Koenkytö

German postal service impersonation

“Package is waiting for delivery”

“Paket wartet auf Lieferung”

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 27.10.2023

“Your delivery with the reference number CH495655217 is waiting for the payment of the fees. The shipping details are as follows.”

This phishing email aims to get the recipient to click the malicious link, which most likely leads to a credential-harvesting site. Notably, the attacker has used a survey service, which is why the message includes strange fields such as “Start Survey” and “Untitled dfasdf asdfasdf...” at the bottom of the page.

Analyst: Wivi Koenkytö