Rewterz Threat Alert – TA505 APT Group Phishing Campaign
June 3, 2019
Severity
Medium
Analysis Summary
A new phishing campaign is underway that pretends to be a list of undelivered emails being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each email, with the respective links leading to a fake login form.
The phishing campaigns we have usually seen use notices of account cancellation or of a high volume of file deletions.
The phishing email then prompts you to choose whether you want to delete all of the emails, deny them, allow them to be delivered, or whitelist them for the future. Regardless of the link you click on, you will be brought to a fake “Outlook Web App” landing page that asks you to enter your login credentials.
Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date.
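A mail-filter heuristic for the pattern described above, where every action link (delete, deny, allow, whitelist) leads to the same landing page. This is an added example, not part of the original advisory; the function names, the trusted-host set and the sample message (using reserved `.example` hosts) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Action labels named in the advisory; matched case-insensitively against link text.
ACTION_WORDS = ("delete", "deny", "allow", "whitelist")

class LinkCollector(HTMLParser):
    """Collect (link text, href) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_action_links(html_body, trusted_hosts):
    """Return the untrusted host shared by two or more action links, else None."""
    parser = LinkCollector()
    parser.feed(html_body)
    hosts = [
        (urlsplit(href).hostname or "").lower()
        for text, href in parser.links
        if any(word in text.lower() for word in ACTION_WORDS)
    ]
    # Different "choices" that all resolve to one host outside the mail service.
    if len(hosts) >= 2 and len(set(hosts)) == 1 and hosts[0]:
        return None if hosts[0] in trusted_hosts else hosts[0]
    return None

# Constructed sample message body (hypothetical hosts on the reserved .example TLD).
SAMPLE = """
<p>You have 3 undelivered emails held on your Outlook Web Mail service.</p>
<a href="https://portal.login-check.example/owa/?a=1">Delete all</a>
<a href="https://portal.login-check.example/owa/?a=2">Deny</a>
<a href="https://portal.login-check.example/owa/?a=3">Allow delivery</a>
<a href="https://portal.login-check.example/owa/?a=4">Whitelist</a>
"""
```

A hit is a signal to quarantine or tag the message for review, not proof of phishing; the trusted-host set should list the organization's real webmail hostnames.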
Impact
- Credential theft
- Loss of sensitive information
Remediation
- Always be suspicious about emails sent by unknown senders
- Never click on links or attachments sent by unknown senders