Beware File Transfer Services
I received this phishing email yesterday, it successfully bypassed the email filtering as it was generated by a legitimate file transfer service called TransferXL. I actually received multiple copies of this email as they had been scraping the internet for email addresses to distribute this attack to. The email looks like this:
Detonating the email took me to the legitimate TransferXL service, which prompted me to download the file:
Accessing the download retrieved a zip file with a fake remittance advice PDF inside:
Detonating the PDF revealed a fake invoice and a link (see below) to access the document:
Clicking on View Document took me to a malicious credential harvesting page, prompting for credentials.
Clicking on the Outlook button, I was presented with a form, which I populated with dummy data.
Upon clicking submit it presented me with a random PDF on Wealth Management, served up from Google Drive.
As you can see, it's quite a simple process for an attacker to capture credentials from an unsuspecting victim.
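A small triage script for the two stages of the chain described above, added here as an example and not part of the original post: it flags mail-body links that point at a file-transfer service, and lists the URLs carried by any PDF inside the downloaded zip. The watch-list domain transferxl.com, the placeholder URLs and the constructed sample mail and zip are all assumptions; the PDF link extraction only handles uncompressed link annotations.

```python
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Watch list of file-transfer services (assumption: transferxl.com is the
# service named in the post; a real deployment maintains its own list).
FILE_TRANSFER_DOMAINS = {"transferxl.com"}
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")
# Only matches uncompressed /Link annotations; real triage would use a PDF parser.
PDF_URI_RE = re.compile(rb"/URI\s*\((https?://[^)]+)\)")

def hostname(url):
    return url.split(b"//", 1)[1].split(b"/")[0].split(b":")[0].decode().lower()

def triage_email(raw):
    """Stage 1: return links in the mail body that point at a file-transfer service."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_content().encode()
            hits += [u.decode() for u in URL_RE.findall(body)
                     if hostname(u) in FILE_TRANSFER_DOMAINS]
    return hits

def triage_zip(zip_bytes):
    """Stage 2: return (pdf name, url) for every link carried by PDFs in the zip."""
    links = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".pdf"):
                links += [(name, u.decode()) for u in PDF_URI_RE.findall(zf.read(name))]
    return links

def build_samples():
    """Constructed mail and zip mimicking the chain; every value is a placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Remittance Advice"
    msg["From"] = "noreply@transferxl.com"
    msg["To"] = "victim@example.invalid"
    msg.set_content("A file was sent to you: https://transferxl.com/DOWNLOAD_PLACEHOLDER")
    pdf = (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
           b"/A << /URI (https://phish.example.invalid/view) >> >> endobj\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Remittance_Advice.pdf", pdf)
    return msg.as_bytes(), buf.getvalue()
```

Feeding a real .eml and the zip it led to into `triage_email` and `triage_zip` gives the file-transfer link and the PDF's outbound URLs for blocking or sandbox follow-up.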
Here are the domains/addresses the attackers have been using; as you can see below, they are using 4 suspicious domains/services.
Always stay vigilant for these types of fake invoices and file transfer notifications!