Phishing Scams Alert

We have noticed several phishing scams lately. If you receive any of the emails below, follow these remediation steps on your Coro console: 

Remediation:  

Delete this email and block the sender’s email address if you see it pop up in your console. From the Actions menu first select the “Delete this email” option and then select the “Add sender to blocklist” option. 

Phishing Event #1 

• Sender: [email protected] 
• Subject: Immediate Assistance. 
• Analysis: 
• The sender uses the display name: <A random name that doesn’t match the email address> 
• Sender is trying to change user’s direct deposit information 

• Sender is using urgent messaging 
• Sender is trying to impersonate as one of the employees of the company  

Phishing Event #2 

• Sender: [email protected] 
• Subject: Review Held Message <recipient’s email address> 
• Analysis: 
• The sender uses the display name: Report<Company’s domain> 
• Fake report email  

• The sender attaches a malicious png file 
• The file attachment’s name is: vb.png 

Phishing Event #3 

• Sender: [email protected] 
• Subject: Thursday, May 11, 2023 Reminder Message for <recipient’s email address> 
• Analysis: 
• The sender uses the display name: Password Reminder<Company’s domain> 
• Sender using the phrase “Keep my password” which is common in phishing emails 

• Sender is using an image to try and impersonate Microsoft 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #4 

• Sender: [email protected] 
• Subject: A Financial Statement Ref#<Random numbers> 
• Analysis: 
• The sender uses the display name: shared<Company’s domain> 
• The sender attaches a malicious HTM file to the email. 

• HTM files can redirect users to a malicious webpage.  
• The file attachment’s name is: 2023 Financial Forecast.HTM 

Phishing Event #5 

• Sender: [email protected] 
• Subject: <recipient name>, A fax of 2 pages has been received on 2023/05/18 for <recipient’s email address> and has been attached to this email – See Enclosed to download & review 
• Analysis: 
• The sender uses the display name: fax<Company’s domain> 
• Fake fax email  

• The sender attaches a malicious htm file to the email. 
• htm files can redirect users to a malicious webpage.  
• The file attachment’s name is: Docusign DOC004 Thurs May 18 2023.htm 

Phishing Event #6 

• Sender: [email protected] 
• Subject: OneDrive@<recipient’s email address> 
• Analysis: 
• The sender uses the display name: e-PrintExpress@-<Company’s domain> 

• The sender attaches a malicious html file to the email. 
• html files can redirect users to a malicious webpage.  
• The file attachment’s name is: <recipient name>_(996).html 

Phishing Event #7 

• Sender: [email protected] 
• Subject: Encrypted Remittance sent on May 22, 2023 at 01:42:40 PM 
• Analysis: 
• The sender uses the display name: [email protected] 

• Fake encrypted remittance email  
• The sender attaches a malicious htm file to the email. 
• htm files can redirect users to a malicious webpage.  
• The file attachment’s name is: ➡Wlre_Confirmation.htm 

Phishing Event #8 

• Sender: [email protected] 
• Subject: Upcoming payroll changes 
• Analysis: 

• The sender uses the display name: <A random name that doesn’t match the email address> 
• Sender is trying to change user’s direct deposit information 
• Sender is using urgent messaging 
• Sender is trying to impersonate as one of the employees of the company  

Phishing Event #9 

• Sender: [email protected] 
• Subject: <recipient’s email address> You Recieved New Files On Friday, May 26, 2023 at 7:16 PM 
• Analysis: 

• Sender is using image to make the attachment appear real 
• Fake DocuSign email 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #10 

• Sender: [email protected] 
• Subject: Confidential- Please sign and return*lMonday, May 22, 2023 for <recipient’s email address> 
• Analysis: 
• The sender uses the display name: Document Notification <recipient’s email address> via 

• Sender is using image to make the attachment appear real 
• Fake DocuSign email 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #11 

• Sender: [email protected] 
• Subject: Monday, May 22, 2023 Password Reminder Message for <recipient’s email address> 
• Analysis: 
• The sender uses the display name: Doc Notification@<Company’s domain> 

• Sender is using image to make the attachment appear real 
• Sender using the phrase “Keep the same password” which is common in phishing emails 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #12 

• Sender: [email protected] 
• Subject: Revalidation Required – Today From at 3:33 PM on 5/22/2023 
• Analysis: 
• The sender uses the display name: IT Desk@<Company’s domain> 

• Sender is using image to make the attachment appear real 
• Sender using the phrase “Keep my password” which is common in phishing emails 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #13 

• Sender: [email protected] 
• Subject: Monday, May 22, 2023 
• Analysis: 

• The sender uses the display name: Notification@<Company’s domain> 
• Sender is using image to make the attachment appear real 
• Sender using the phrase “Keep my password” which is common in phishing emails 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #14 

• Sender: [email protected] 
• Subject: VN Notification for <recipient’s email address>, Listen to Audio Attached 
• Analysis: 

• The sender uses the display name: voice@<Company’s domain> 
• Fake VM 
• The sender attaches a malicious htm file to the email. 
• htm files can redirect users to a malicious webpage.  
• The file attachment’s name is: audio_message.htm 

Phishing Event #15 

• Sender: [email protected] 
• Subject: Assistance is needed 

• Analysis: 
• The sender uses the display name: <A random name that doesn’t match the email address> 
• Sender is trying to change user’s direct deposit information 
• Sender is trying to impersonate as one of the employees of the company  

Phishing Event #16 

• Sender: [email protected] 
• Subject: Wednesday, May 24, 2023 Message for <recipient’s email address> 
• Analysis: 

• The sender uses the display name: <A random name that doesn’t match the email address> 
• Sender is using image to make the attachment appear real 
• Sender using the phrase “Keep my password” which is common in phishing emails 
• The sender is attempting to get the user to click on a malicious link 

Phishing Event #17 

• Sender: [email protected] 
• Subject: Voice Transcript for 54 seconds 
• Analysis: 

• The sender uses the display name: RingCentral [email protected] for <recipient’s email address> via 
• Fake VM 
• Sender is using image to make the attachment appear real 
• The file attachment’s name is: voice_mail_transcript.shtml 

Phishing Event #18 

• Sender: [email protected] 
• Subject: New Fax Message from RingCentral on 05/25/2023 08:50 AM 
• Analysis: 

• The sender uses the display name: RingCentral [email protected] for <recipient’s email address> via 
• Fake VM 
• Sender is using image to make the attachment appear real 
• The file attachment’s name is: FAX_20230525_133075881340.shtml 

Phishing Event #19 

• Sender: [email protected] 
• Subject: (Notification) 4 Inbound Mails (null) | Thursday, June 1, 2023 | adamogroup.com| <recipient’s email address> 
• Analysis: 

• The sender uses the display name: <Company’s domain> Desk@<Company’s domain> 
• Sender is using image to make the attachment appear real 
• Sender using the phrase “View messages” which is common in phishing emails 
• The sender is attempting to get the user to click on a malicious link 

The post Phishing Scams Alert appeared first on Coro Cybersecurity.

*** This is a Security Bloggers Network syndicated blog from Blog | Coro Cybersecurity authored by Josh Klasco. Read the original post at: https://www.coro.net/global-phishing-scams-alert/