I found a marginally interesting phishing scam in my server quarantine folder overnight. The main reason for posting this today is the way the scammer is performing the phishing scam. Unlike many similar scams, there are no direct links to any website. Instead the scammer has attached an encoded html file so it is more difficult to find the links. Then there are still no direct links or connections via the post button. Instead everything is done via .js files on a remote what appears to be a compromised Nigerian website site nosakhealthcare.com. where a subdomain is being used. http:// taxuytrewqasdfghjklmnbvcxzasdfghjklpoiuytrewqasdfghjklmnbvcxz.nosakhealthcare.com on … Continue reading →