Rewterz Threat Advisory – Microsoft Windows PowerShell Command Execution Vulnerability
August 5, 2019
Rewterz Threat Alert – Kassino Campaign Spreading Agent Tesla via Phishing Emails
August 5, 2019
Severity
Medium
Analysis Summary
A long-running scam email campaign that pretends to be an unsubscribe confirmation request has seen an uptick recently. These emails should never be clicked on or responded to as they are designed to harvest working email addresses or to perform some other type of scam.
Over the past week, a constant stream of emails with subjects like “Confirm your unsubscribe request” or “Client #980920318
Unlike normal unsubscribe notifications, these scam emails do not contain any indication of what you are unsubscribing from and simply state.
Furthermore, these emails come in a variety of templates, with some being more professional looking like the one below.
While others, not so much.
If you are looking for trouble and click on the unsubscribe button, it will compose a new message with the subject “Unsubscribe” and no message body, addressed to 15 to 20 email addresses. These email addresses are on domains hosted by noip.com’s free dynamic DNS service.
Indicators of Compromise
Email Subject
Confirm your unsubscribe request
Client #980920318
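A mail-filter check for the traits described above, as an added example that is not part of the original advisory. It assumes the unsubscribe button is an HTML `mailto:` link; the function names are hypothetical and the sample message is constructed, using the reserved `.test` TLD.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

SCAM_SUBJECTS = ("confirm your unsubscribe request", "client #980920318")  # advisory IoCs
MIN_RECIPIENTS = 15  # advisory: the composed message targets 15 to 20 addresses

class MailtoCollector(HTMLParser):
    """Collects every mailto: href found in <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.links.append(href)

def parse_mailto(href):
    """Return (recipients, subject, body) for a mailto: URI."""
    parts = urlsplit(href)
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    rcpts = [a.strip() for a in unquote(parts.path).split(",") if a.strip()]
    return rcpts, query.get("subject", [""])[0], query.get("body", [""])[0]

def score_message(raw):
    """Return the advisory traits matched by a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = ["subject"] if (msg["Subject"] or "").lower().startswith(SCAM_SUBJECTS) else []
    part = msg.get_body(preferencelist=("html",))
    collector = MailtoCollector()
    collector.feed(part.get_content() if part else "")
    for href in collector.links:
        rcpts, subj, body = parse_mailto(href)
        # Trait: pre-filled "Unsubscribe" subject, empty body, many recipients.
        if len(set(rcpts)) >= MIN_RECIPIENTS and subj.lower() == "unsubscribe" and not body.strip():
            hits.append("bulk-mailto")
            break
    return hits

def sample(n_rcpts):
    """Constructed test message, not a captured sample."""
    to = ",".join(f"u{i}@host{i}.example.test" for i in range(n_rcpts))
    return ("From: sender@example.test\nSubject: Confirm your unsubscribe request\n"
            "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
            f'<html><body><a href="mailto:{to}?subject=Unsubscribe">Unsubscribe</a></body></html>\n')
```

A message that returns both `subject` and `bulk-mailto` matches the campaign as described; either trait alone is a weaker signal worth quarantining for review.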
Remediation
Always be suspicious of emails sent by unknown senders.
Never click on links or attachments sent by unknown senders.