![]() This kit is very similar to ‘Voicemail Scmpage 2019’ and gathers the same data, as shown in the image below: The second phishing kit we discovered is called ‘Office 365 Information Hollar’. The following data is harvested from the victims and emailed to the owner of the phishing site: The kit goes by the name of ‘Voicemail Scmpage 2019’ and operates on a license key basis, where the license key is checked prior to the phishing site being loaded.Ī snippet of the generated HTML code is shown below:Ī file, data.txt, is created on the compromised website and it contains a list of visitors, including their IP address, web browsers and the date. The first kit is being sold on an ICQ channel and the creator advertises it on social media. All three look almost identical but we were able to differentiate them by looking at the generated HTML code and the parameters which were accepted by the PHP script. Audio_Telephone_ Īs explained in the introduction, we were surprised to observe three different phishing kits being used to generate the malicious websites.We observed the following filenames being used for the attachments: When the password is entered, the user is presented with the following successful login page and redirected to the login page. The email address is prepopulated when the website is loaded this is another trick to reinforce the victim’s belief that the site is legitimate. ![]() Once redirected, the victim is shown the phishing page which asks them to log into their account. The HTML code which plays the recording is shown below: There are slight variations in the attachment, but the most recent ones contain an audio recording of someone talking which will lead the victim to believe they are listening to the beginning of a legitimate voicemail. The phishing email contains a HTML file as an attachment which, when loaded, will redirect the user to the phishing website. The attack begins when the victim receives an email informing them that they have missed a phone call, along with a request to login to their account to access their voicemail.Īn example of the malicious email is shown below: McAfee Customers using VSE, ENS, Livesafe, WebAdvisor and MGW are protected against this phishing campaign. However, during our investigation, we found three different malicious kits and evidence of several high-profile companies being targeted. At first, we believed that only one phishing kit was being used to harvest the user’s credentials. Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to lure victims into entering their Office 365 email credentials.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |