A new phishing campaign caught our attention recently due to the unique wording and varying tactics it uses in this "Security Alert." It threatens that the recipient's mailbox is infected with 3 deadly viruses and will shutdown if the warning is ignored.
Let's take a quick look at this credential-harvesting attack.
Security Alert - 3 Deadly Viruses
The phishing theme follows typical email shutdown threats, however, contains this unique "3 deadly virus" scare twist. The URL, which includes the intended victim's email address, directs to a compromised Wordpress page. The phishing site uses that address to generate content customized to the recipient.
Classic Hacker Themed Black & Green Phishing Site
The phishing site's hacker theme is a departure from the emails antivirus alert theme. It's no secret that phishing attacks are more successful when they create a sense of urgency and fear, this one attempts to do both. While viewing the site (video below), a rather unconvincing countdown clock appears, and the site acts as if it is deleting email addresses on the target's domain.
There is a field for the target to enter in their email password to "Validate Email." If entered, this would provide the attacker the target's credentials. These generic style of credential gathering attacks are often used in follow-up attacks that are customized and typically financially-themed spearphishing such as Business Email Compromise (BEC) attacks.
To ensure you are protected against phishing and malware attacks - contact us for a free trial of our Advanced Email Security