Our threat analyst team discovered yesterday (December 9th, 2020) two major phishing campaigns that have hit several enterprises across Europe. We have seen several reports from thousands of users from different countries and customer organizations. According to the Whois data, both of the attacks have been originating from different Technology Institutions' servers. We assume that this could happen by attackers compromising the email servers or by getting access to someone’s corporate email account.
The phishing attacks
All the messages have been the same across all the organizations that have reported the attacks.
“Management has shared a file with you”
In this email, the attackers try to get people to click on the link to preview a document that the management shared with them.
Note: We replaced the company name with the 'Censored' textfor full confidentiality and removed the sender's email address.
Once the victim clicks the button, the link redirects the user to the attacker’s credential harvesting website. This website looks a lot like a real Microsoft login site, but you can tell that this is fake by looking at the domain in the browser’s URL field.
Nevertheless, the attack is rather apparent because of the email address/domain. If the message had been shared through Sharepoint, the email address would be either sharepointonline.com or microsoft.com.
”Helpdesk Action Requested”
This attack was phishing for login credentials. It’s a basic type of phishing attack, and those that hover over the link and watch out for the sender’s email address could easily recognize and would not fall for it.
Note: We replaced the company name with the 'Censored' textfor full confidentiality and removed the sender's email address.
Keep practicing safe email habits & reporting suspicious emails
To remain safe, remember to be cautious with all emails that you receive. Do the following:
- Are you expecting the email? If no, be extra careful!
- Analyze the subject line: does it look odd?
- Who is the sender, and what is the email address? If the email address looks strange to you, it’s most likely a threat.
- If the email comes from a service provider, think about it twice whether it’s a legit email.
- Always hover on the link!
- If you are unsure, don’t click anything!
Finally, if the email has raised concerns, remember to report it to your security team according to your organization’s guidelines.
Explore more phishing trends
- Top 3 Banking Phish Winter 2021
- Top 4 Official Authority Impersonation Phishing Attacks of 2021
- Financially motivated cyber attacks on executives is on the rise
- Summer Email Scam Trend: Out of Office and Read Receipt Phishing
- Five COVID-19 Threats & How to Prepare For Them
- New cryptocurrency phishing attacks
- New gift card phishing attacks
- New social media phishing campaigns
- New tax phishing attack: CP-2100 Notice Campaign
- Funds transfer phishing attacks work better with a crisis
- Phishing Attacks and Scams in 2019 and Beyond