Attackers use comprised business email addresses to send out messages which mimick secured confidential message notification in order to steal credentials
Threat Analyst Team
A concerning new phishing trend is circulating in the Nordics, where emails that appear to inform the recipient of a confidential message are being sent from compromised business email addresses (BECs). While BEC campaigns have typically used email templates that notify of a shared document, recent campaigns in the Nordic region have begun utilizing templates that resemble the Deltagon-secured confidential message notification.
This is particularly concerning because the Deltagon secure communications solution is widely used by both local authorities and commercial entities, and is therefore easily recognizable by many.
What makes this phishing campaign particularly dangerous is that the emails are typically well-formatted, and in some cases, they are indistinguishable from a legitimate confidential email notification. Furthermore, these messages can appear relevant to a large number of individuals within an organization, unlike an email informing of a document share, which may seem unexpected or irrelevant and therefore raise immediate suspicions. What’s more, people may not associate these types of notification messages with phishing attempts, which makes them more dangerous - particularly if they are formatted to resemble the notifications sent by legitimate entities.
Additionally, these types of messages can evoke curiosity in the recipient, leading them to click on the malicious link.Let’s take a look at these examples:
The emails typically inform the recipient that they have received a confidential message that they can access by clicking on a link. The link often leads to a malicious website containing a credential harvester.
Off the hook – How to detect the attack and protect your organization from it
It's important to exercise caution when receiving unexpected messages. Whether it's an email, text message or social media notification, you should be wary of clicking on any links or responding to any requests. In particular, if you receive a message from an unknown sender or with a suspicious subject line, it's best to approach it with caution. One effective way to verify the legitimacy of a message is to hover over any links and check if they lead to a reputable website or not. By taking these simple steps, you can avoid falling prey to phishing scams and protect your personal information and data.