PhishWire - Oct 14 2024
  • 14 Oct 2024

Phish Wire: October 14 2024

Early October saw widespread phishing campaigns targeting large numbers of district staff members. Below are a few examples to highlight.


Widespread Stealth Email Phishing

On Thursday, October 10th, a malicious spearphish was delivered to a large number of staff members at a PhishID district. The email was a ‘Timesheet Report’ sent from info@transflucol[.]com[.]co. The email content referenced real individual roles and user emails in the targeted district.

Embedded in the ‘View Timesheet’ button was a link hosted on a public university web domain for the state of Maine: maine.edu. Upon clicking, the link first redirects to a Google redirect notice, then to a (likely impersonated) Cloudflare account verification, and finally to its intended destination: a credential harvesting phishing attack.


Phishing attacks like this can be extremely difficult for email security tools to identify. First, the original link delivered in the email was hosted on a legitimate third-party domain. Second, it redirects multiple times: first to a Google domain (itself another legitimate domain), then to a verification step that requires an additional user click, and only then to its intended payload. The PhishID browser extension detected the incident by tracking and blocking all the redirects. The district reported 91 unique user clicks on the malicious email link.
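To show why a verdict on the delivered link alone passes this kind of message while a verdict on the whole navigation does not, here is an added example (not PhishID's implementation and not code from the original article). The trusted-domain set, the login allowlist, the hop fields `needs_click` and `password_field`, and every URL path and `.example` host are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: domains a delivery-time filter trusts, and the
# only hosts where staff should ever type district credentials.
REPUTABLE = {"maine.edu", "google.com"}
LOGIN_ALLOWLIST = {"login.district.example"}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def on_domain(h, domains):
    """True if host h equals, or is a subdomain of, a listed domain."""
    return any(h == d or h.endswith("." + d) for d in domains)

def first_link_verdict(chain):
    """What a control sees if it inspects only the link delivered in the email."""
    return "allow" if on_domain(host(chain[0]["url"]), REPUTABLE) else "review"

def chain_verdict(chain):
    """Score every hop, as a control that follows the navigation can."""
    hosts = [host(hop["url"]) for hop in chain]
    findings = []
    if on_domain(hosts[0], REPUTABLE) and not on_domain(hosts[-1], REPUTABLE):
        findings.append("reputable entry link lands on an unvetted domain")
    if sum(a != b for a, b in zip(hosts, hosts[1:])) >= 2:
        findings.append("two or more cross-host redirects")
    if any(hop.get("needs_click") for hop in chain[1:-1]):
        findings.append("interstitial step requires a user click")
    blocked = bool(chain[-1].get("password_field")) and not on_domain(hosts[-1], LOGIN_ALLOWLIST)
    if blocked:
        findings.append("password form outside the login allowlist")
    return ("block" if blocked else "review" if findings else "allow"), findings

# Constructed chain modelled on the description above; every path and the
# .example hosts are placeholders, not values from the incident.
SAMPLE_CHAIN = [
    {"url": "https://maine.edu/PLACEHOLDER"},
    {"url": "https://www.google.com/url?q=PLACEHOLDER"},
    {"url": "https://verify.attacker.example/check", "needs_click": True},
    {"url": "https://portal.attacker.example/login", "password_field": True},
]

if __name__ == "__main__":
    print("first link only:", first_link_verdict(SAMPLE_CHAIN))
    verdict, reasons = chain_verdict(SAMPLE_CHAIN)
    print("full chain:", verdict)
    for r in reasons:
        print(" -", r)
```

The decisive signal is the last one: a password form on a host outside the allowlist blocks regardless of how reputable the earlier hops were.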

Multi-Channel Phishing

The above example illustrates the stealthy tactics hackers use to deliver phishing attacks into well-protected email environments. However, in the examples below, PhishID detected attacks that were delivered and clicked entirely outside district email, including an Adobe file and two via personal email. All were detected over 7 days starting October 3rd.

Actions

  • Remember to add these domains to your block lists, spam filters, and web content filters

  • Focus awareness efforts on high-risk credentials (staff and students)

  • Deploy PhishID to protect credentials from targeted spear phishing campaigns

  • Prioritize phishing awareness efforts for high-priority staff

  • Educate users that multi-factor authentication is not a phishing panacea

  • Encourage users to double-check the domain even if the page is requesting a multi-factor one-time-password

