A big week of phishing emails and scams
Over the last 7-10 days I've received a large number of phishing emails and scams. I've also had a lot of these attacks reported to me by clients. Please keep an eye out for these phishing emails and scams!
Banking Phishing emails
This one was received claiming to be from the CBA:
It tried to convince the target to click a malicious link, which takes the victim to a cloned phishing site instead of the real site, to entice the victim to hand over their internet banking details.
A similar one was received claiming to be from Suncorp. Again, it uses a shortener service to take you to a phishing site masquerading as the original, in an attempt to steal your details. Not sure what a shortener service is? Grab a copy of Hack Proof Yourself!
A new document phish was reported to me by one of my clients. These so-called 'File shared notifications' are used frequently by attackers in an attempt to convince the victim to execute a payload to gain access to their machines or give out other sensitive info:
Romance scammers were very much on the prowl over the last week. Recall that the goal of a romance scammer is to make that initial first contact by convincing you to contact them via email, WhatsApp or another medium where they can start their grooming process.
The first one I received looks like the below:
You can see the link actually takes me to a Google Drive shared file or directory. Detonating the link in my sandbox, it takes you to the legitimate Google login page:
This will take you to a page stating you need access (it's restricted).
It states that you need permission. This is done on purpose to convince the victim to reach out to 'Megan' directly:
I received a few different formats of romance scam phishing in addition to the above:
I received a bunch of inheritance and business scams this week and last. You will recall that these scams are usually used to gain access to a bank account for money laundering purposes or for other attacks.
Here is the most recent one:
I doubt that anyone with that much money would be using a free Gmail account!
Here's a similar one, this time claiming that they want to share their lottery winnings with me!
Package delivery notification
A new wave of Fedex phishing emails was observed this week.
The emails are addressed to a generic email address and take the victim to a malicious .icu address.
Similar to previous posts, a bunch of gift card phishing emails were received; for the first time they are brandjacking Aldi. Again they are using those hardviewlink.club malicious URLs.
Here's the bottom part of the Phish:
A few different variants of the recent sextortion scams are going around, instilling fear in their victims. Here are the latest 2 variants to look out for. The emails are quite long so I've had to break them up.
Romance Scam 2 - NSFW (Not Safe For Work)
I received this additional romance scam phishing email this week. Note some of the images are NSFW as they have some nudity, but if you're accessing this from a non-work PC or device, read on....
Here is the Phish I received:
The email is very simple, but entices the victim to visit a .tk address.
Upon accessing the link, it took me to a dating-type site; the version you receive depends on which languages you have configured in your browser:
While these pages loaded, I noticed a spinning logo, pretending the site was loading. It would eventually lead you to a page like this:
This yourdatingzone2.com site is quite malicious. When you select Yes on this or any other prompt on the site, the loading image continues to appear for a number of seconds. In the interim, it is trying to drop various types of malware on you via a massive number of requests to this malicious site.
As you have seen, this week has been crazy for phishing emails, scams and attacks. As always, stay vigilant and Hack Proof Yourself!