Phish Wire - Feb 11 2025
  • 12 Feb 2025

Online threats continue to evolve quickly, with recent reports highlighting a substantial rise in UPS phishing attempts, reflecting the growth in online shopping as consumers capitalized on post-holiday sales. We've also observed a rise in phishing attacks targeting both Chase Bank and OneDrive users. In this edition of Phish Wire, we'll focus on these trends, highlighting key examples and offering insights to help you stay vigilant against these ongoing threats.

Traceless Microsoft Spearphish

A Texas administrator clicked on a Microsoft spearphish that referenced accessing a file. Upon investigation, the IT supervisor found no trace of the link delivered through the corporate mailbox and concluded that it was clicked from a malicious file share or an attachment in a personal email. A very similar case occurred the same day when a staff member clicked a Microsoft spearphish referencing a secure message that also left no trace in the corporate mailbox.

USPS Explosion

During the holidays, there was a significant increase in USPS smishing and phishing scams, taking advantage of the anxiety surrounding timely package deliveries. Sixteen different UPS phishing links were identified and clicked on by approximately thirty users.

To summarize the scam, these attacks begin with a ‘Delivery Failure’ notification that urges the recipient to update their address for a package set to arrive by a certain date. After updating the address, the user is prompted to pay a small ‘redelivery service fee’ and provide their credit card information.

We observed a significant increase in variants of this phishing attack clicked by users throughout the US. The table below displays a list of links clicked by users in Texas, Kentucky, Washington, Idaho, and California.

Mitigations

  • Add the specified domains to your block lists.

  • Focus awareness efforts on high-risk credentials.

  • Remind users of rampant USPS phishing scams over the holidays.

  • Educate users that phishing in their personal email can pose serious risks to their organization.
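
One way to act on the first mitigation, as an added example that is not code from the original article: refang defanged indicators, reduce them to unique hostnames for a block list, and flag hosts that put a brand name in front of an unrelated registered domain. The brand table, function names and sample indicators are assumptions constructed for illustration.

```python
# Added example: triage defanged indicators into block-list hostnames.
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Assumption: brands to protect, mapped to the domain each really owns.
BRANDS = {"usps": "usps.com"}

def refang(indicator: str) -> str:
    """Undo common defanging ([.] and hxxp) so the value can be parsed."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    if s[:4].lower() == "hxxp":
        s = "http" + s[4:]
    return s if "://" in s else "http://" + s

def host_of(indicator: str) -> str:
    """Lowercase hostname only: no scheme, port, path or trailing dot."""
    return (urlsplit(refang(indicator)).hostname or "").rstrip(".")

def impersonates(host: str) -> Optional[str]:
    """Return the brand a host imitates, or None (heuristic, no PSL lookup)."""
    labels = host.split(".")
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            return None  # genuinely under the brand's own domain
        if any(l == brand or l.startswith(brand + "-") for l in labels):
            return brand  # brand used as a label of someone else's domain
    return None

def triage(indicators: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each unique hostname to the brand it imitates, if any."""
    result = {}
    for ind in indicators:
        host = host_of(ind)
        if host:
            result[host] = impersonates(host)
    return result

# Constructed sample indicators (not taken from the report).
SAMPLES = [
    "usps[.]com-trackexample[.]top/us",
    "hxxps://usps[.]com-trackexample[.]top/i",
    "www.usps.com",
    "files[.]example[.]org/one-drv.html",
]

if __name__ == "__main__":
    for host, brand in triage(SAMPLES).items():
        print(f"{host}\t{'lookalike:' + brand if brand else 'review'}")
```

Hosts marked `review` still need an analyst's decision before blocking, since a compromised legitimate site may also serve other users' real content.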

