11 October 19, 07:31
Quote:Continue Reading
Users are lured with a fake document sent via email. How this new phishing campaign works and how to stay safe.
People in Nordic countries and beyond should beware: there’s a new credential stealing campaign up and running. For now, it seems to be hitting mostly these countries, but there’s no telling when it will extend to the rest of the world. Where there’s (illicit) money to be made, hackers are restless.
How the New Nordics Credential Stealing Campaign Works
As far as we’ve seen so far, the new Nordics credential-stealing campaign is targeting working emails. The malicious message pretends to be part of a previously agreed upon conversation, since the document is introduced as a link, without much explanation.
This is how a typical email looks like:
Quote:Fra: [sender email address] Sendt: 2. oktober 2019 09:56
Emne: Doc
Prioritet: Høj
Hei
Finn vedlagte dokument
Vis Dokument (https://amagauto-my.sharepoint.com/perso...cdca%2F%29)
Med vennlig hilsen
[Name
Phone, Email, Company name etc.]
Translated into English, this email would be this:
Quote:From: [sender email address]
Posted: October 2, 2019 9:56 AM
Subject: Doc
Priority: High
Hi
Find the attached document
View Document (https://amagauto-my.sharepoint.com/perso...iew&wd=tar 7C97f58f57-7285-4f70-8af0-fb5d7d3e3b82% 2FPDF% 20002% 7C4c8df191-241d-4d43-91b6-b3658f3bcdca% 2F% 29)
With best regards
[Name
Phone, Email, Company name etc.]
What happened next, if the user clicked that link?
They are redirected to a picture of a document (it’s not even a real document). The picture has a hyperlink inserted on it, which means that when a user clicks it, they will be redirected to a malicious page.
The fraudulent page then asked users to login with whatever account they had, either Yahoo, Office 365, Gmail, etc.
...