publishing date icon
December 15, 2023
read time icon
5 min. read

Threat feed week 50: Tesla, eBay, MobilePay, Netflix, and WeTransfer impersonations

Post hero image

Table of contents

share this post

Tesla Stock Award

“Congratulations on your Tesla Stock Award.”

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious email address

Region: Global

Date: 10.12.2023

This email is impersonating Elon Musk and his team. It claims that your email address has been selected to win Tesla stock. However, to claim this award, you are required to send an email to a malicious address.

Analyst: Sampo Lenkola

WeTransfer impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious attachment

Region: Global

Date: 5.12.2023

This email impersonates WeTransfer, a cloud-based platform used to transfer large files. The email suggests that your account has received documents. However, the email contains a malicious attachment, which leads to a credential harvester.

WeTransfer impersonation

Analyst: Sampo Lenkola

DHL impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Central Europe

Date: 5.12.2023

In this phishing email, the recipient is told that their package has arrived, but they need to complete a few steps before receiving their order. The link to 'view order' is actually a malicious link, leading to a fake DHL website.  

DHL impersonation

The attacker has added a fake "verify you are human" page before the fake website to increase credibility of the site.  

Analyst: Wivi Koenkytö

Netflix impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Date: 11.12.2023

This email is impersonating Netflix. The email says there was a problem with the recipient’s payment processing.

Netflix impersonation

It then says that the recipient can resolve the issue quickly by clicking the link in the mail. The link redirects the recipient to a credential harvester.

Analyst: Kaarlo Mahlberg

Prisma impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Finland

Date: 8.12.2023

In this phishing email, the recipient is told that they have been chosen to participate in a loyalty member program where they can win a free air fryer.

Prisma impersonation

The link leads to a fake website where the recipient is enforced to answer a survey under time pressure and eventually give out their credentials.

Analyst: Wivi Koenkytö

Booking.com impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Date: 8.12.2023

"Your unshakable support was of crucial importance for our journey and as a sign of our gratitude we are pleased to tell you that we sent you to travel."

Booking.com impersonation

In this phishing email, the recipient is told that they have received travel points worth 245 pounds. In order to claim these, they have to follow the instructions given in the message. The link in the message leads to a credential harvesting website.  

Analyst: Wivi Koenkytö

HR shared a file with you

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Date: 7.12.2023

This email claims to inform the recipient that Human Resources shared a file titled "December Payroll and Unpaid Benefits for Employees" with them.

Booking.com impersonation

The goal is that the recipient would become curious enough to click on the malicious link.

Analyst: Siiri L.

Nordea impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Nordics

Date: 11.12.2023

"We invite you to request a refund by clicking on the link below and following the necessary instructions."

Nordea impersonation

In this phishing email, the attacker claims that the recipient has been billed twice and they should request a refund by following the given link. The link leads to a malicious credential harvesting website.

Analyst: Wivi Koenkytö

MobilePay impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Denmark

Date: 4.12.2023

"Your Mobilepay is blocked. You must activate the new web security system 2024. Once you have updated your account information, the account will function normally."

In this phishing email, the recipient is told that they should update their account information in order to use MobilePay again. The link to 'update' account information leads to a fake MobilePay website that asks for the recipient's phone number, social security number, and credit card information.

MobilePay impersonation

After the recipient has completed the process of giving their information, they are automatically directed to the real MobilePay website.  

Analyst: Wivi Koenkytö

MitlD impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Denmark

Date: 13.12.2023

"You have changed your password. If you did not start this change, we recommend that you restore your MitIDApp access immediately by following this process."

MitID impersonation

In this phishing email, the recipient is told that they need to change the password of their MitID (Denmark's digital ID) by following the instructions in the link. The link actually leads to a malicious website with the aim of getting the recipient's credentials.  

Analyst: Wivi Koenkytö

eBay impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 12.12.2023

In this phishing email, the recipient is confused with a fake tax invoice from eBay.

eBay fake tax invoice

The invoice is not legitimate and the payment is located in an irrelevant place, which is all used to get the recipient to call the malicious phone number included in the message.

Analyst: Wivi Koenkytö

QuickBooks impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 12.12.2023

In this phishing email, the recipient has received a fake invoice from QuickBooks.

Quickbooks impersonation (fake invoice)

The aim of this phish is to get the recipient call the malicious phone number as no other contact information is given.

Analyst: Wivi Koenkytö

Vero impersonation

Hox rating: ★★★✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Finland

Date: 08.12.2023

This phishing email is impersonating Verohallinto, the Finnish tax authority. The email says that the recipient has unclaimed tax refunds and urges the recipient to go see the refunds by clicking the link in the mail.

Vero impersonation

The link leads the recipient to a fake landing page and asks for their payment information

Analyst: Kaarlo Mahlberg

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.