Page 9 - Threat Intelligence 11-5-2019
P. 9

Social Engineering













        New Office 365 Phishing Scam Leaves A Voicemail. A new Office 365 phishing campaign delivers a fake
        voicemail message to redirect victims to a Web page that prompts them to enter login credentials, McAfee
        researchers discovered. Researchers initially thought one phishing kit was being used to steal users' data;
        however, an investigation revealed three separate kits and proof of several high-profile companies targeted.
        The attack starts with an email informing victims they missed a phone call and instructing them to log into
        their accounts to access a voicemail. When they load the attached HTML file, it redirects them to a phishing
        website. Researchers note this attachment varies; in most recent attacks, it contains an audio recording
        disguised to sound like the beginning of a real voicemail.
                Source:         https://www.darkreading.com/new-office-365-phishing-scam-leaves-a-voicemail/d/d-
                id/1336231



        Mobile-aware phishing campaign targets UNICEF, the UN, and many other humanitarian organizations. A
        few days ago researchers from the Lookout Phishing AI reported a mobile-aware phishing campaign that
        targets non-governmental organizations around the world including UNICEF, a variety of United Nations
        humanitarian organizations, the Red Cross and UN World Food, etc. The company has also contacted law
        enforcement and the targeted organizations. “The campaign is using landing pages signed by SSL certificates,
        to create legitimate-looking Microsoft Office 365 login pages,” Threatpost reports.

                Source: https://securityboulevard.com/2019/10/mobile-aware-phishing-campaign-targets-unicef-the-
                un-and-many-other-humanitarian-organizations/



        Report: Over 20% of Phishing Campaigns Target Microsoft Users. Almost 4,000 domains and 62 phishing kit
        variants used to target Microsoft users were uncovered within an observation window of 262 days, according
        to new report by Akamai Technologies. This finding on Microsoft’s susceptibility to abuse echoes what we
        reported in the 2019 Trend Micro Midyear Security Roundup, where it was revealed that the number of
        blocked unique phishing URLs that spoofed Microsoft increased by 76% from 2018 2H to 2019 1H.
                Source:    https://www.trendmicro.com/vinfo/fi/security/news/cybercrime-and-digital-threats/report-
                over-20-of-phishing-campaigns-target-microsoft-users























                                                    www.accumepartners.com
                                                                                                                     9
   4   5   6   7   8   9   10   11   12   13   14