November 3, 2023
Threat feed week 44: Microsoft, DocuSign, McAfee, cryptocurrency, debt collections, postal service, telecommunication, banking, insurance, and police impersonations

Threat Analyst Team

Microsoft OneDrive impersonation

“Faxed Document Receipt #11 Pages – Friday-October-2023 09:31 AM”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Date: 30.10.2023

This phishing email tries to get the recipient to “view” a document related to their salary; the “document” is actually a malicious link.

The link leads to a credential-harvesting website.

Analyst: Wivi Koenkytö

SB Debt Collection impersonation

“Payment reminder nb #:-nb# 1234567.”

“Maksumuistutukset nro #:-nr# 1234567.”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Pretext

Region: Finland, Nordics

Date: 30.10.2023

This phishing email tries to get the recipient’s attention by claiming to be a debt collector from a collection agency.

The sender claims to represent a customer of the recipient’s company and says that the company has an unpaid invoice, number #1234567, that should be settled immediately.

Analyst: Wivi Koenkytö

Bpost impersonation—customs payment with Paysafecard

“You have a package waiting for delivery.”

“Vous avez un colis en attente de livraison.”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious email address

Region: Belgium

Date: 30.10.2023

This email claims the recipient must pay to release their Bpost parcel from customs.

The recipient is told to do this by purchasing a Paysafecard for 50 euros and sending the PIN code to the malicious email address.

Analyst: Siiri Latola

Tele2 Sverige impersonation

“Your last invoice was paid twice”

“Din senaste faktura har betalats två gånger”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Sweden, Nordics

Date: 30.10.2023

This phishing email aims to get the recipient’s credentials by claiming that the recipient has paid one of their invoices twice.

The email contains a link that the recipient is supposed to use to get a refund for this payment.

Analyst: Wivi Koenkytö

OP Financial Group impersonation

“new process 1.11.2023”

“uusi menettely 1.11.2023”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Finland, Nordics

Date: 30.10.2023

This phishing email is impersonating OP, a Finnish bank.

The contents inform the recipient that they must synchronize their account again. Visually, the email looks very rough, which can make it easy to spot.

Analyst: Minna Herlevi

OTP Bank impersonation

“Card Security Alert!”

“Alertǎ de securitate pentru card!”

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Hungary, Europe

Date: 30.10.2023

“Your cards have been temporarily suspended until you activate the new security system.”

This phishing campaign aims to get the recipient’s credentials by claiming that the recipient can’t use their credit cards before they activate a new security system. The link leads to a malicious website, possibly a credential-harvesting site.

Analyst: Wivi Koenkytö

Vipps impersonation

“Verify/Reactivate your account for security reasons.”

“Bekrefte/Aktiver kontoen din på nytt av sikkerhetsgrunner.”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Norway

Date: 31.10.2023

This campaign impersonates Vipps and claims that the recipient’s account has been temporarily banned for security reasons.

The malicious link leads to a fake page that asks the user for personal information.

Analyst: Siiri Latola

Danmark Sygeforsikring health insurance impersonation

“Request Your Refund Now!”

“Anmod om din Refusion Nu !”

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Denmark, Europe

Date: 31.10.2023

“You have a refund regarding an invoice of DKK 1350.00, we apologize, but the refund cannot be processed automatically, You must make an online request to complete this refund.”

This phishing email tries to get the recipient’s credentials by claiming they're entitled to a refund. The message includes a link that leads to a credential-harvesting website.

Analyst: Wivi Koenkytö

Microsoft storage impersonation

“- Mailbox storage Exceeded -”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 01.11.2023

This email impersonates Microsoft and claims the recipient’s mailbox is almost full.

It tries to trick the user into clicking a malicious link.

Analyst: Sampo Lenkola

Binance cryptocurrency exchange impersonation

“Claim Your BNB: You're on the Binance Airdrop List. #GG458845966”

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 01.11.2023

This phishing email claims that the recipient can gain 150 BNB (a cryptocurrency) from Binance, a cryptocurrency exchange company.

The message contains a malicious link that leads to a credential-harvesting website.

Analyst: Wivi Koenkytö

DocuSign QR code impersonation

“Completion required: Hoxhunt”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Date: 02.11.2023

This DocuSign impersonation includes a malicious QR code that the recipient is prompted to scan to access their document.

Apart from the QR code, the template is identical to a regular DocuSign email, but the signature included is the recipient’s. This makes it seem like they’ve sent this email to themselves.

Analyst: Minna Herlevi

McAfee impersonation

“Urgent! Awaiting your final decision”

“Kiireellinen! Odottaa lopullista päätöstäsi”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Finland

Date: 02.11.2023

This phishing email contains multiple links embedded in the image. The attacker uses the visual elements to trigger a sense of panic in the recipient and get them to click one of the links.

The links lead to malicious websites designed to capture the recipient’s credentials.

Analyst: Wivi Koenkytö

Police impersonation

“Police report”

“Poliisiraportti”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Pretext

Region: Finland

Date: 03.11.2023

This email claims to come from the Finnish police. The email includes an attachment. The attached document accuses the recipient of viewing child pornography. The file also says that if the recipient doesn’t respond to the message within 48 hours, legal charges will be filed against them.

However, the email doesn’t come from the Finnish police.

Analyst: Kaarlo Mahlberg
