Why Hoxhunt?
Solutions
CustomersPricing
Resources
Company
Sign inRequest demo
Hoxhunt black logoRequest a demo
publishing date icon
November 10, 2023
read time icon
5 min. read

Threat feed week 45: Facebook, Google Forms, Verizon, Zoom, McAfee, Sharebox, Outlook, QuickBooks, HR, law firms, and telecommunications impersonations

Author image
Threat Analyst Team
Post hero image

Table of contents

share this post

Facebook Support Team impersonation

“Immediate Response REquired: Facebook Ad Account Policy”

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Date: 06.11.2023

This phishing email is impersonating the Facebook Support Team.

It informs the user that their Ad Account broke Facebook’s Advertising Policies.

The recipient is urged to click the link to sort out the situation.

Facebook Support Team impersonation “Immediate Response REquired: Facebook Ad Account Policy”

Analyst: Minna Herlevi

Google Forms phishing email

“Congratulations! You've Won a Special Gift”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 06.11.2023

This email comes from Google Forms and is used to send a malicious message.

The form claims that the recipient won a recent giveaway and is asked to give personal information to receive their gift.

The ‘Click Me’ link—both in the email and the form—leads to a malicious website.

Google Forms phishing email “Congratulations! You've Won a Special Gift”

Analyst: Siiri Latola

Verizon impersonation

“***Verizon Wireless: You missed a call from [PHONENUMBER], at 9:07:54 AM GmT”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 06.11.2023

This email tries to trick the recipient into thinking they’ve missed a phone call and there’s a voicemail they need to listen to.

But, the link leads to a malicious website.

Verizon impersonation “***Verizon Wireless: You missed a call from [PHONENUMBER], at 9:07:54 AM GmT”

Analyst: Sampo Lenkola

Zoom impersonation

“Zoom meeting”

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Nordics

Date: 06.11.2023

This phishing email tries to get the recipient’s credentials by sending a Zoom meeting link, which is actually a link to a credential harvester.

The email is visually quite genuine, and the whole campaign is a relatively new approach to phishing.

Zoom impersonation “Zoom meeting”

Analyst: Wivi Koenkytö

Simmons & Simmons law firm impersonation

“Unpaid invoice #5566843”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Pretext

Region: Europe

Date: 06.11.2023

In this email, the attacker is impersonating an employee of the international law firm Simmons & Simmons.

This message aims to get the recipient concerned about an unpaid invoice and answer the phishing email.

Analyst: Wivi Koenkytö

McAfee vulnerability impersonation

Your PC is at risk 17/08/2023

Uw pc loopt gevaar 17/08/2023

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: The Netherlands

Date: 06.11.2023

This email impersonates McAfee, claiming that the recipient needs to renew their subscription by clicking the red button.

There’s a great sense of urgency, as the email claims that if the subscription isn’t renewed in 48 hours, the account will be closed, and the recipient’s PC will be left unprotected.

McAfee vulnerability impersonation “Your PC is at risk 17/08/2023” “Uw pc loopt gevaar 17/08/2023”

Analyst: Siiri Latola

UPC Swiss telecommunications impersonation

We invite you to request a refund

Wir laden Sie ein, Rückerstattung zu beantragen

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Switzerland, Europe

Date: 06.11.2023

This phishing email tries to get the recipient’s credentials by claiming they’ve paid an invoice twice and asking them to request a refund by clicking the link.

This link actually leads to a malicious, credential-harvesting website.

UPC Swiss telecommunications impersonation “We invite you to request a refund” “Wir laden Sie ein, Rückerstattung zu beantragen”

Analyst: Wivi Koenkytö

HR department impersonation

“2023 DEC Annual Leave Compliance”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Date: 06.11.2023

This phishing email tries to trigger the recipient to click the link by claiming that it includes important information about the annual employee holidays.

The link leads to a malicious credential-harvesting site.

HR department impersonation “2023 DEC Annual Leave Compliance”

Analyst: Wivi Koenkytö

Sharebox impersonation

Sharebox Notification

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 08.11.2023

This phishing email impersonates Sharebox to get the user to review a work-related document.

This is actually a link to a credential-harvesting website.

Sharebox impersonation “Sharebox Notification”

Analyst: Wivi Koenkytö

McAfee payment impersonation

“Detailed Alert: Review Your Latest Transaction”

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious phone number

Region: Global

Date: 09.11.2023

In this phishing email, the attacker tries to get the recipient to call the malicious phone number by claiming that the recipient has renewed their subscription to a McAfee product.

The email is stylized so that it looks like a representative of McAfee has sent it.

McAfee payment impersonation “Detailed Alert: Review Your Latest Transaction”

Analyst: Wivi Koenkytö

Fake Outlook storage notification

“Your mailbox is 100% full”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 09.11.2023

This email impersonates Outlook. The email suggests that the user can no longer receive messages because their mailbox is full.

With this, the attacker tries to trigger a sense of urgency in the victim.

The email also claims that to fix the problem, the user should go to the Outlook storage portal from the link. The link then leads the user to a credential harvester.

Fake Outlook storage notification “Your mailbox is 100% full”

Analyst: Kaarlo Mahlberg

QuickBooks impersonation

“Payment Success: Your Plan Has Been Renewed Successfully”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 09.11.2023

This email is trying to impersonate QuickBooks. The email claims that the recipient’s plan was renewed.

Then, the email says that if the recipient didn’t authorize the transaction, they could get the subscription refunded by calling the malicious phone number.

QuickBooks impersonation “Payment Success: Your Plan Has Been Renewed Successfully”

Analyst: Kaarlo Mahlberg

Meta Facebook impersonation

“Urgent: Temporary Account Restriction Due to Exploitation Concerns”

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Date: 10.11.2023

The email is impersonating Meta and Facebook’s Business Help Center. It claims that the recipient’s account is temporarily restricted due to attempted exploitation concerns.

For additional information and support about the restrictions, there’s a button that's supposed to lead to the Help Center’s live chat.

But after clicking the button, it leads to a really realistic fake Meta Business Help Center page that asks for personal information.

Meta Facebook impersonation “Urgent: Temporary Account Restriction Due to Exploitation Concerns”

Analyst: Kaarlo Mahlberg

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.