
Rewterz Threat Alert – “Office 365 Account Temporarily Disabled” Phishing Emails Resurface

January 16, 2019

SEVERITY: Medium

ANALYSIS SUMMARY

After a break, the Office 365 phishing email campaign has resurfaced, asking users to click through to a page that redirects them to a phishing site that looks exactly like an Office 365 page and asks for their credentials.
Users are sent a phishing email telling them that their account has been temporarily disabled or that they have limited access to the account. This campaign was previously active in 2018 and has resurfaced after a gap of a few months.
This email would look like this.

The malicious phishing page demands credentials and personal information, which can be used in various kinds of malicious activities.

IMPACT

  • Exposure of personal information
  • System Access

INDICATORS OF COMPROMISE

Email Address

kurasi[@]sv342[.]xserver[.]jp
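
One way to check mail for the sender indicator above, as an added example that is not part of the original advisory: it refangs the published address and compares it against the address-bearing headers of a message. The header list, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import getaddresses

# Indicator as published in the advisory (defanged form).
DEFANGED_IOCS = ["kurasi[@]sv342[.]xserver[.]jp"]
# Headers that can carry the sender or the address replies go to (assumed list).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

def refang(indicator):
    """Convert a defanged address into a lower-case, matchable one."""
    return indicator.replace("[@]", "@").replace("[.]", ".").strip().lower()

IOC_ADDRESSES = {refang(i) for i in DEFANGED_IOCS}

def matching_headers(raw_message):
    """Return sorted (header, address) pairs where the address is an IoC."""
    msg = email.message_from_string(raw_message)
    hits = set()
    for header in ADDRESS_HEADERS:
        # getaddresses() separates the display name from the address, so a
        # trusted-looking display name does not hide the real sender.
        for _name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.strip().lower()
            if addr in IOC_ADDRESSES:
                hits.add((header, addr))
    return sorted(hits)

# Constructed sample messages (not taken from the advisory).
SAMPLE_DIRECT = (
    'Return-Path: <kurasi@sv342.xserver.jp>\n'
    'From: "Office 365 Team" <kurasi@sv342.xserver.jp>\n'
    'Subject: Account Temporarily Disabled\n\nbody\n'
)
SAMPLE_REPLY_TO = (
    'From: "Office 365 Team" <no-reply@example.com>\n'
    'Reply-To: KURASI@SV342.XSERVER.JP\n'
    'Subject: Limited access\n\nbody\n'
)
SAMPLE_BENIGN = 'From: Alice <alice@example.com>\nSubject: Lunch\n\nbody\n'

if __name__ == "__main__":
    for name, raw in [("direct", SAMPLE_DIRECT), ("reply-to", SAMPLE_REPLY_TO),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, matching_headers(raw))
```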

 

 

REMEDIATION

  • Users are strictly advised not to click on any link or document received from any unknown sender.
  • Moreover, make sure to never use the same password for multiple platforms because if a password is compromised, multiple accounts can be accessed.
  • Do not ‘unsubscribe’ from suspicious emails. Unsubscribe requests can be used by bots to confirm that the account is active. Simply mark unexpected emails as ‘spam’.