How [SPAM PHISHING ATTACKS] Operate
Example(s)

Example 1
Subject: ACTION REQUIRED
Sent: Friday, September 8, 2023 10:17 AM
FIND THE ATTACHED DOCUMENT AND TREAT WITH URGENCY.

Example 2
Subject: Remittance Report
Sent: September 8, 2023, 10:47:25 AM, EST
Expires: September 9, 2023, 10:47:30 AM, EDT
You have 24hrs to retrieve this message before it expires..
Click here
Investigation Conclusion(s)
Credential-harvesting phishing campaign: the link in the email leads to a page on a legitimate, trusted hosting domain, and that page in turn links to a fake login form that captures whatever is typed into it (see screenshots below)
Recommended Action(s) / Response
- If you got as far as to click any link and/or type in your email address + password:
  - Change your password immediately, for any and all accounts you believe could be using that same password. Otherwise the attackers will be able to use it to gain access to all of those other accounts as well.
  - Also report it to helpdesk@denmarktech.edu so IT can check the account for sign-ins that were not yours.
- If you never clicked or typed anything, you may:
  - Simply ignore or delete the email
  - Or add the sender to the Junk mail list in Outlook: right-click the email in the main screen view, mouse over the Junk option in the context menu, and choose Block Sender
  - And/or report the email and/or website to helpdesk@denmarktech.edu so they can add it to the global blocked list(s)
    - Please note: if you opt for this option, remember to select "Forward as Attachment". IT requires an original copy of the email in order to assess its Properties > Internet Headers information and adequately trace and block the sender. A plain forward creates a new message with your own headers, so the original routing information is lost.
How it works
- The parent domain (i.e. scrapbox.io) is indeed a safe / trusted site, which is why the link passes reputation checks and gets through the filters, but the link(s) contained within the hosted page are malicious (as in this case).
- They try to 'entice' or 'intimidate' you into believing it's urgent that you log in (an ACTION REQUIRED subject, a 24-hour deadline, an "expiring" message), and the fake login page then saves your credentials (whatever you typed in the email-address + password fields) onto their servers.
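The two checks IT performs on a forwarded-as-attachment copy are (1) reading the Internet Headers to see where the message really came from and whether it authenticated, and (2) comparing where each link says it goes with where it actually goes. The script below is an added example for this page, not the help desk's own tooling or part of any product; it uses only the Python standard library, and the .eml it parses is a constructed sample (made-up relay host, IP address and URLs; denmarktech.edu appears only because it is the recipient organisation on this page, and scrapbox.io is deliberately not used).

```python
"""Triage helper for a phishing email forwarded as an attachment (.eml).

Added example, not part of the original help-desk page; standard library only.
SAMPLE_EML is a constructed message: the relay, IP and URLs are placeholders.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lure: the header From claims to be internal, but the envelope
# sender, the SPF/DKIM/DMARC results and the link targets say otherwise.
SAMPLE_EML = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])
  by mx.denmarktech.edu with ESMTP; Fri, 8 Sep 2023 10:47:25 -0400
Authentication-Results: mx.denmarktech.edu; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=denmarktech.edu
From: "Accounts Payable" <ap@denmarktech.edu>
To: staff@denmarktech.edu
Subject: Remittance Report
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have 24hrs to retrieve this message before it expires..</p>
<p><a href="https://login-portal.example.org/auth?u=staff">https://portal.denmarktech.edu/remittance</a></p>
<p><a href="https://docs.example.com/help">Click here</a></p>
</body></html>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(header_value):
    """Lower-cased domain of the first address in a From/Return-Path value."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def header_findings(msg):
    """Envelope-vs-header sender mismatch and non-passing authentication results."""
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    return_dom = domain_of(msg.get("Return-Path", ""))
    if return_dom and return_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {return_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{check}=(\w+)", auth)
        if match and match.group(1) != "pass":
            findings.append(f"{check} result is {match.group(1)}")
    return findings

def link_findings(msg):
    """For each link, compare the real href host with the host its text shows."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    extractor = LinkExtractor()
    extractor.feed(body.get_content())
    results = []
    for href, text in extractor.links:
        href_host = urlparse(href).netloc.lower()
        looks_like_url = text.startswith(("http://", "https://"))
        shown_host = urlparse(text).netloc.lower() if looks_like_url else ""
        # Text naming one host while the href goes to another is the classic tell.
        results.append({"href_host": href_host, "shown_host": shown_host,
                        "mismatch": bool(shown_host) and shown_host != href_host})
    return results

def triage(raw_eml):
    """Parse a raw .eml and return the header and link findings."""
    msg = message_from_string(raw_eml, policy=policy.default)
    received = msg.get_all("Received") or []
    return {
        # Each relay prepends a Received header, so the last one is the earliest hop.
        "received_hops": len(received),
        "origin_hop": str(received[-1]).split(";")[0].strip() if received else "",
        "headers": header_findings(msg),
        "links": link_findings(msg),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    print("origin:", report["origin_hop"])
    for finding in report["headers"]:
        print("HEADER:", finding)
    for link in report["links"]:
        print("LINK:", "MISMATCH" if link["mismatch"] else "ok",
              f"shown={link['shown_host'] or '-'} href={link['href_host']}")
```

To use it on a real report, replace SAMPLE_EML with the text of the attached .eml (or read the file in); the checks depend on the original Received and Authentication-Results headers, which is exactly what a plain forward strips and "Forward as Attachment" preserves. A mismatch between the visible link text and the href host, or any SPF/DKIM/DMARC result other than pass on a message claiming to be internal, is grounds to block the sender.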
- From here, it usually goes one of two ways:

Possibility #1
- They themselves try to use your login information to access other websites associated with you (hence why 2FA/MFA, aka dual-factor / multi-factor authentication, is so important: a stolen password alone is then not enough to sign in)
- They're able to determine those websites by way of:
  - your mailbox contents (password-reset and account notification emails), once they have signed in with the stolen credentials
  - browser history, internet files cache and/or cookies, if the attachment or page also installed malware on your machine
- They're usually seeking:
  - Other contacts (to perpetuate sending more of their fake emails to other people)
  - and/or anything financial-related, with the intent to:
    - Gain access to any of your bank/credit card accounts, and authorize payments or transfers to themselves and/or others
    - and/or Steal your identity, and apply for loan(s) or credit card(s) but send the disbursement(s) to themselves and/or others
    - Redirect any deposit(s) to themselves and/or others:
      - Payroll(s)
      - Income Tax Return(s)
      - ACH / Wire Transfer(s) (business owners, merchant accounts)
Possibility #2
- They sell your information to other bad actors who intend to try to execute the aforementioned activities
- Why? Lower risk (especially if the attack originates from a country that does not strictly enforce prohibiting laws or does not participate in INTERPOL). If caught, the consequences range from nothing at all to minimal jail time:
  - they get away with it entirely, zero consequence
  - they get off with a warning, a "slap on the wrist"
  - fines and/or penalties
  - minimal jail time
- How? They'll claim "THEY THEMSELVES" never really did or tried anything malicious with your information, but they will still have made money (which is typically the ultimate goal to begin with), a "quick, easy buck" from selling your information to the "real" crime-attempters
Screenshots (Example)
Screenshot 1: Parent domain analysis appears Safe / Trusted
Screenshot 2: However, the malicious links contained within