Be Careful Who You Trust: Impersonation Emails Deliver Geodo Malware

Over the past weeks, the Phishing Defence Centre has observed several reports of emails that pretend to come from an internal sender. While this impersonation tactic is not new, we have only recently observed an influx of such emails being used to deliver the Geodo botnet malware. Figure 1 shows an example of an email we have received. Emails in which the sender appears to be someone you know and trust are among the greatest threats to enterprise security: a victim who recognises the purported sender is more likely to trust the phishing email and to click on the…
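The impersonation described above usually shows up as a familiar display name on an address that is not the organisation's own. The following check is an added example, not PhishMe's code: it parses the headers of an inbound message and flags a From: display name that matches an internal employee but whose address is external, a Reply-To that points elsewhere, and an internal From domain that arrives without a passing DMARC result. INTERNAL_DOMAINS, the STAFF directory and the two sample messages are constructed for illustration.

```python
"""Display-name impersonation check for inbound mail (added example, not PhishMe's code)."""
from email.parser import Parser
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com", "corp.example.com"}      # assumed
STAFF = {                                                    # assumed toy directory
    "jane doe": "jane.doe@example.com",
    "finance team": "finance@example.com",
}


def _normalise(name: str) -> str:
    """'Doe, Jane' / 'JANE  DOE' -> 'jane doe' so directory lookups are forgiving."""
    parts = name.replace(",", " ").split()
    if "," in name and len(parts) == 2:          # 'Last, First' -> 'First Last'
        parts.reverse()
    return " ".join(parts).lower()


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def check_sender(raw_message: str) -> dict:
    """Inspect the headers of one RFC 5322 message and return a verdict."""
    msg = Parser().parsestr(raw_message, headersonly=True)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    reasons = []

    known = STAFF.get(_normalise(from_name))
    if known and _domain(from_addr) not in INTERNAL_DOMAINS:
        reasons.append(f"display name '{from_name}' is a known employee but the address {from_addr} is external")
    elif known and from_addr.lower() != known:
        reasons.append(f"display name '{from_name}' belongs to {known}, not {from_addr}")
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append(f"Reply-To {reply_addr} points to a different domain than From")
    # A message that claims our own domain must carry a passing DMARC result.
    if _domain(from_addr) in INTERNAL_DOMAINS and "dmarc=pass" not in auth:
        reasons.append("From domain is ours but Authentication-Results has no dmarc=pass")
    return {"from": from_addr, "suspicious": bool(reasons), "reasons": reasons}


# Constructed samples: an external address borrowing an employee's name, and the genuine article.
SAMPLE_IMPERSONATION = """\
From: "Jane Doe" <jane.doe@mail-example.net>
To: bob@example.com
Subject: Invoice attached
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-example.net; dmarc=none

"""

SAMPLE_LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: bob@example.com
Subject: Invoice attached
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com

"""

if __name__ == "__main__":
    for sample in (SAMPLE_IMPERSONATION, SAMPLE_LEGIT):
        print(check_sender(sample))
```

The directory lookup is deliberately forgiving ("Doe, Jane" and "JANE DOE" both resolve), because attackers vary the display name while keeping it recognisable; the DMARC check is what stops a straight spoof of the internal domain from passing the name test.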

The post Be Careful Who You Trust: Impersonation Emails Deliver Geodo Malware appeared first on PhishMe.


Be Careful Who You Trust: Impersonation Emails Deliver Geodo Malware was first posted on November 16, 2017 at 2:04 pm.
©2017 "PhishMe Staging". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at pmit@phishme.com

Threat Actors Put a Greek Twist on Ransomware with Sigma

When we think of Greek-themed malware, the Trojan family generally comes to mind. Not anymore: Sigma is a new ransomware family delivered via phishing email. On November 8, 2017, threat actors sent a phishing email warning of impending charges to the recipient's MasterCard if he or she did not open the attached encrypted Word document. Figure 1 – Phishing email that delivers the malicious Word document. Unsurprisingly, this document contained a macro that downloaded a payload from hxxp://6vt4gbkwnjfnyo6g.onion.link/svchost.exe. Figure 2 – Prompt to enable macros after opening the attachment. The downloaded svchost.exe (named after the legitimate Windows service host process so that it blends in) then drops Sigma onto the host. Once the payload is launched on the…

Threat Actors Put a Greek Twist on Ransomware with Sigma was first posted on November 10, 2017 at 11:38 am.

Fake Swiss Tax Administration Office Emails Deliver Retefe Banking Trojan

PhishMe®’s Phishing Defence Centre has observed multiple emails with a subject line that includes a reference to tax declarations in Switzerland (Original subject in German: “Fragen zu der Einkommensteuerklaerung”) as shown in Figure 1. The sender pretends to be a tax officer working for the tax administration (Eidgenoessische Steuerverwaltung ESTV) and is asking the victim to open the attached file to answer questions about the tax declaration. Figure 1 – Fake Tax Declaration Email Attached to this email is a Word document named ESTV Dokument_593657_17_10_2017.doc (MD5: 1238275981104959492a0788d1e1eaf6). Filenames in this campaign follow the naming convention Dokument_{Digits}_DD_MM_YYYY.doc. Opening this document prompts…
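A mail-gateway rule for this campaign can key on two things the post gives: the sample's MD5 and the attachment naming convention. The screening function below is an added example, not PhishMe's code; the hash and the Dokument_{Digits}_DD_MM_YYYY.doc pattern come from the post, and the date part is validated as a real calendar date so that a lookalike name with an impossible date is reported separately. The candidate attachments are constructed.

```python
"""Screen attachments against the Retefe lure convention (added example, not PhishMe's code)."""
import hashlib
import re
from datetime import date

CAMPAIGN_MD5 = {"1238275981104959492a0788d1e1eaf6"}        # from the post
# ESTV Dokument_593657_17_10_2017.doc -> optional 'ESTV ' prefix, digits, then DD_MM_YYYY
NAME_RE = re.compile(r"^(?:ESTV )?Dokument_(\d+)_(\d{2})_(\d{2})_(\d{4})\.doc$", re.IGNORECASE)


def classify_attachment(filename: str, md5: str = "") -> tuple:
    """Return (verdict, reason) where verdict is 'block', 'review' or 'pass'."""
    if md5 and md5.lower() in CAMPAIGN_MD5:
        return "block", "MD5 matches a known campaign sample"
    m = NAME_RE.match(filename.strip())
    if not m:
        return "pass", "name does not follow Dokument_{Digits}_DD_MM_YYYY.doc"
    day, month, year = (int(g) for g in m.group(2, 3, 4))
    try:
        sent = date(year, month, day)
    except ValueError:
        return "review", "name follows the pattern but the date part is not a real date"
    return "review", f"name follows the campaign convention (dated {sent.isoformat()})"


def screen(attachments):
    """attachments: iterable of (filename, raw_bytes). Hashes each one and classifies it."""
    return [(name, *classify_attachment(name, hashlib.md5(data).hexdigest()))
            for name, data in attachments]


if __name__ == "__main__":
    # Constructed candidates; the bytes are placeholders, not real documents.
    for row in screen([("ESTV Dokument_593657_17_10_2017.doc", b"placeholder"),
                       ("Dokument_12_31_02_2017.doc", b"placeholder"),
                       ("quarterly_report.docx", b"placeholder")]):
        print(row)
```

A hash hit is definitive and blocks; a name match only sends the message for review, since the convention is cheap for the actor to change and for a legitimate sender to collide with.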

Fake Swiss Tax Administration Office Emails Deliver Retefe Banking Trojan was first posted on October 25, 2017 at 9:58 am.

New Strain of Locky with a “Deadly” Twist

With it being flu season, no one wants to hear that a new strain of the flu has been discovered. Network defenders will be just as unhappy to hear that Locky ransomware has evolved yet again; this time, threat actors decided to add a darker theme to the code. On October 11, 2017, threat actors sent multiple phishing emails with financial-themed subjects, although these do not appear to be targeted. Embedded in the body of the message was a base64-encoded .7z archive containing a malicious VBScript that delivers Locky or TrickBot depending on the location of the host. This is not unlike…
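An archive carried as base64 in the message body bypasses attachment scanning, so the body itself needs to be searched. The scanner below is an added example, not PhishMe's code: it finds long base64 runs (tolerating line wrapping and stripped padding), decodes them and identifies the result by magic bytes, so a 7z, zip, OLE or PE blob hidden in prose is reported with its offset and size. The magic table is the standard one; the sample body and its header-only 7z payload are constructed.

```python
"""Find base64-embedded payloads in a mail body (added example, not PhishMe's code)."""
import base64
import binascii
import re

MAGIC = {
    b"7z\xbc\xaf\x27\x1c": "7z archive",
    b"PK\x03\x04": "zip archive",
    b"Rar!\x1a\x07": "rar archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 document (doc/xls)",
    b"MZ": "PE executable",
}
# 16+ groups of four base64 characters, possibly broken across lines, plus optional final group/padding
B64_RUN = re.compile(r"(?:[A-Za-z0-9+/]{4}\s*){16,}(?:[A-Za-z0-9+/]{2,4}={0,2})?")


def identify(data: bytes) -> str:
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def find_embedded_blobs(body: str, min_chars: int = 64) -> list:
    hits = []
    for m in B64_RUN.finditer(body):
        chunk = re.sub(r"\s+", "", m.group(0))
        if len(chunk) < min_chars:
            continue
        chunk += "=" * (-len(chunk) % 4)          # tolerate padding stripped by a mail client
        try:
            data = base64.b64decode(chunk, validate=True)
        except (ValueError, binascii.Error):
            continue
        hits.append({"offset": m.start(), "size": len(data), "type": identify(data)})
    return hits


# Constructed: a 7z signature header followed by zero bytes, wrapped by encodebytes like a mail client would.
FAKE_7Z = b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 56
SAMPLE_BODY = (
    "Please find the statement for your account below.\n\n"
    + base64.encodebytes(FAKE_7Z).decode("ascii")
    + "\nRegards,\nAccounts\n"
)

if __name__ == "__main__":
    for hit in find_embedded_blobs(SAMPLE_BODY):
        print(hit)
```

Ordinary prose rarely forms sixteen consecutive four-character groups, so the regex keeps false positives low; anything that decodes to "unknown" is still worth a look, since a script or a custom packer has no magic bytes.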

New Strain of Locky with a “Deadly” Twist was first posted on October 19, 2017 at 9:27 am.

Malicious Chrome Extension Targets Users in Brazil

Our Phishing Defense Center recently detected a significant increase in the number of emails carrying malware designed exclusively to target users in Brazil. As attackers grow in sophistication and skill, we continue to observe them scoping their attacks more narrowly to maximize success and avoid detection. In this article we review one such attack. First, a little more background. Some time ago, cybercriminals used rudimentary techniques in attacks against online banking users in LATAM countries. The use of RATs was common and we did not often find the advanced web injects…

Malicious Chrome Extension Targets Users in Brazil was first posted on October 17, 2017 at 11:37 am.

Heads Up: This Netflix Phish Targets Business Email, Not Just Home Accounts

PhishMe® analyzes phishing attacks aimed at corporate email all the time: phishing for corporate email credentials, malware delivery, and so on. However, we also analyze phishing for consumer-service credentials (think online shopping or Netflix), since it is also part of the threat landscape. Everyone has accounts with these consumer services, and attackers are not always discriminating about who receives their phishing messages, so we see consumer services phished in the corporate environment as well. This may well succeed because people use corporate email for consumer services all the time. If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might…

Heads Up: This Netflix Phish Targets Business Email, Not Just Home Accounts was first posted on October 10, 2017 at 9:20 am.

NanoCore Variant Delivered Through UUE Files

Over the past few weeks, our Phishing Defense Center has observed several emails with malicious PDF attachments that prompt the user to download a .UUE file from Dropbox. UUE files (Unix-to-Unix Encoding) are files encoded with uuencode, a program that converts binary files to a text format for transfer over channels that only carry text; WinZip and similar archive utilities open them like any other archive. When file extensions are hidden in Windows, the downloaded file looks like any other compressed file (as shown in Figure 1), which makes it harder to spot that this file is indeed…
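Because the archive tool hides what a .uue really contains, it is worth decoding one before anyone opens it. The decoder below is an added example, not PhishMe's code: it parses the standard uuencode framing (a "begin <mode> <name>" line, 45-byte data lines, the zero-length "`" line and "end"), copes with encoders that strip trailing spaces, and then reports the embedded file's declared name, size and real type by magic bytes. The FAKE_PE bytes and the generated .uue text are constructed; make_uue exists only to build that sample.

```python
"""Decode a .UUE attachment and report what is really inside it (added example, not PhishMe's code)."""
import binascii

MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "zip archive", b"%PDF": "PDF"}


def parse_uue(text: str):
    """Return (name, mode, data) from uuencoded text. Raises ValueError on bad framing."""
    lines = text.splitlines()
    start = next((i for i, line in enumerate(lines) if line.startswith("begin ")), None)
    if start is None:
        raise ValueError("no 'begin' line")
    _, mode, name = lines[start].split(" ", 2)     # the name may itself contain spaces
    out = bytearray()
    for line in lines[start + 1:]:
        if line.strip() == "end":
            break
        if not line:
            continue                                # be lenient about stray blank lines
        try:
            out += binascii.a2b_uu(line)           # the '`' zero-length line decodes to b''
        except binascii.Error:
            # Some encoders strip trailing spaces; decode only the characters the length byte promises
            nchars = (((ord(line[0]) - 32) & 63) * 4 + 5) // 3
            out += binascii.a2b_uu(line[:nchars])
    else:
        raise ValueError("no 'end' line")
    return name, int(mode, 8), bytes(out)


def sniff(data: bytes) -> str:
    return next((label for magic, label in MAGIC.items() if data.startswith(magic)), "unknown")


def inspect_uue(text: str) -> dict:
    name, mode, data = parse_uue(text)
    kind = sniff(data)
    return {
        "name": name,
        "mode": oct(mode),
        "size": len(data),
        "type": kind,
        # The lure relies on the .uue looking like an archive; flag executables whatever the name says.
        "executable_inside": kind == "PE executable" or name.lower().endswith((".exe", ".scr")),
    }


def make_uue(name: str, data: bytes, mode: int = 0o644) -> str:
    """Encode bytes as uuencoded text (used here only to build the constructed sample)."""
    lines = [f"begin {mode:o} {name}"]
    for i in range(0, len(data), 45):                # uuencode lines carry at most 45 bytes
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n"))
    lines += ["`", "end", ""]
    return "\n".join(lines)


FAKE_PE = b"MZ" + b"\x90" * 98 + b"not a real program"     # constructed, not a working binary
SAMPLE_UUE = make_uue("Invoice_2017.exe", FAKE_PE)

if __name__ == "__main__":
    print(inspect_uue(SAMPLE_UUE))
```

The decision is taken on the decoded bytes, not on the name in the begin line or on the .uue extension, which is exactly the information the archive tool's icon hides from the user.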

NanoCore Variant Delivered Through UUE Files was first posted on September 8, 2017 at 10:53 am.

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government's employee housing society. Although the attachment is actually a portable executable file [1], once downloaded it masquerades with a PDF icon. Upon execution, Hawkeye makes an API call to whatismyipaddress[.]com to obtain the public IP address of the victim's machine. Hawkeye steals email credentials and browser data, then exfiltrates them by emailing them to the threat actor at alexandernegri101[at]zoho[dot]com, as seen below in screen captures of a memory dump and of network traffic. As the icing on the cake, Hawkeye searches…

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors was first posted on July 24, 2017 at 6:03 pm.

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

On July 13, 2017, the Phishing Defense Center received a phishing campaign delivering Hawkeye, a stealthy keylogger, advertised as a quote from the Pakistani government’s employee housing society. Although it is actually a portable executable file, once downloaded, it masquerades its icon as a PDF. Upon execution, Hawkeye makes an API call to www[.]whatsmyipaddress[.]com to obtain the public IP address of the victim’s machine. We have assessed with high confidence that this data is being used to spoof trusted IP addresses when attempting to use the harvested credentials. Hawkeye then steals email credentials and browser data and exfiltrates it by…
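Both Hawkeye write-ups above describe the same two-step behaviour: the implant first asks a public "what is my IP" service for the victim's address and then mails the harvested credentials out through a webmail provider's SMTP server. That sequence, from a workstation rather than a mail gateway, is a cheap detection. The logic below is an added example, not PhishMe's code, run over constructed connection-log lines; the log format, host names and the MAIL_SERVERS allow-list are assumed, and the IP-lookup domains are the ones named in the two posts.

```python
"""Workstation IP-lookup followed by outbound SMTP (added example, not PhishMe's code)."""
import re
from datetime import datetime, timedelta

IP_LOOKUP_HOSTS = {"whatismyipaddress.com", "www.whatsmyipaddress.com", "whatsmyipaddress.com"}
SMTP_PORTS = {25, 465, 587}
MAIL_SERVERS = {"MAILGW-01"}           # assumed: the only hosts that may send mail directly
WINDOW = timedelta(minutes=10)         # assumed: how soon after the lookup the exfil must follow

# Assumed log format: "<ISO8601 UTC> host=<name> dst=<destination> dport=<port>"
LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse(lines):
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                                 # skip lines that are not connection records
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "dst": m["dst"].lower().rstrip("."),
            "dport": int(m["dport"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def find_exfil_candidates(lines):
    """Alert when a non-mail host talks SMTP within WINDOW of its own public-IP lookup."""
    alerts = []
    last_lookup = {}                                 # host -> time of its most recent IP lookup
    for e in parse(lines):
        if e["dst"] in IP_LOOKUP_HOSTS:
            last_lookup[e["host"]] = e["ts"]
        elif e["dport"] in SMTP_PORTS and e["host"] not in MAIL_SERVERS:
            seen = last_lookup.get(e["host"])
            if seen is not None and e["ts"] - seen <= WINDOW:
                alerts.append({"host": e["host"], "lookup_at": seen.isoformat(),
                               "smtp_to": e["dst"], "dport": e["dport"],
                               "delay_s": int((e["ts"] - seen).total_seconds())})
    return alerts


# Constructed log: WS-042 shows the Hawkeye pattern; the other lines are benign controls.
SAMPLE_LOG = """\
2017-07-13T10:02:11Z host=WS-042 dst=whatismyipaddress.com dport=443
2017-07-13T10:02:40Z host=WS-042 dst=smtp.zoho.com dport=587
2017-07-13T10:03:05Z host=WS-007 dst=www.example.com dport=443
2017-07-13T10:05:00Z host=MAILGW-01 dst=mx.example.net dport=25
2017-07-13T10:40:00Z host=WS-042 dst=smtp.zoho.com dport=587
2017-07-13T11:00:00Z host=WS-113 dst=smtp.zoho.com dport=587
""".splitlines()

if __name__ == "__main__":
    for alert in find_exfil_candidates(SAMPLE_LOG):
        print(alert)
```

The second SMTP connection from WS-042 at 10:40 falls outside the window and WS-113 never did a lookup, so neither fires here; in a real deployment a workstation speaking SMTP to anything but the corporate relay deserves its own, separate rule.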

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors was first posted on July 20, 2017 at 11:39 am.

Threat Actors Leverage CVE-2017-0199 to Deliver Zeus Panda via Smoke Loader

Our Phishing Defense Center identified and responded to attacks leveraging a relatively new Microsoft Office vulnerability during the past few weeks. Last week, the PDC observed threat actors exploiting CVE-2017-0199 to deliver the Smoke Loader malware downloader, which in turn was used to deliver the Zeus Panda botnet malware. These emails claim to deliver an invoice for an "outstanding balance" and trick the recipient into opening the attached file. In one instance, we have also seen the malicious attachment being delivered via a URL. The subject lines of the emails followed a pattern of alphanumeric characters and the phrase "Invoice…
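CVE-2017-0199 documents can be triaged statically: the RTF carries a linked OLE object marked for automatic update (\objupdate), the hex in its \objdata holds an OLE2Link stream, and a URL moniker inside that stream names the remote payload. The scanner below is an added example, not PhishMe's code, and the SAMPLE_RTF it runs on is constructed here with no real exploit content; the URL moniker layout it assumes (the moniker CLSID, a 4-byte little-endian length, then the URL as UTF-16LE) is the one seen in public samples of this exploit, and the URL in the sample is a placeholder, not an indicator from the post.

```python
"""Static triage for the CVE-2017-0199 RTF pattern (added example, not PhishMe's code)."""
import re
import struct

OLE2LINK = b"OLE2Link"
# CLSID {79EAC9E0-BAF9-11CE-8C82-00AA004BA90B} (URL moniker) in its on-disk byte order
URL_MONIKER = bytes.fromhex("e0c9ea79f9bace118c8200aa004ba90b")
OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")


def _hex_to_bytes(hexdata: bytes) -> bytes:
    clean = re.sub(rb"\s+", b"", hexdata)
    if len(clean) % 2:
        clean = clean[:-1]                       # tolerate a dangling nibble
    return bytes.fromhex(clean.decode("ascii"))


def _moniker_url(blob: bytes):
    """Assumed layout: CLSID, DWORD byte length, UTF-16LE URL (NUL terminated)."""
    i = blob.find(URL_MONIKER)
    if i == -1:
        return None
    off = i + len(URL_MONIKER)
    if off + 4 > len(blob):
        return None
    (n,) = struct.unpack_from("<I", blob, off)
    raw = blob[off + 4: off + 4 + n]
    url = raw.decode("utf-16-le", errors="ignore").split("\x00", 1)[0]
    return url or None


def scan_rtf(rtf: bytes) -> dict:
    r = {"is_rtf": rtf.lstrip().startswith(b"{\\rtf"), "objupdate": b"\\objupdate" in rtf,
         "ole2link": False, "url": None, "verdict": "clean"}
    for m in OBJDATA.finditer(rtf):
        try:
            blob = _hex_to_bytes(m.group(1))
        except ValueError:
            continue                             # not hex after all; move to the next object
        if OLE2LINK in blob:
            r["ole2link"] = True
        r["url"] = r["url"] or _moniker_url(blob)
    if r["is_rtf"] and r["objupdate"] and r["ole2link"]:
        r["verdict"] = "likely CVE-2017-0199"
    elif r["ole2link"] or r["url"]:
        r["verdict"] = "suspicious linked object"
    return r


def build_sample(url: str) -> bytes:
    """Constructed RTF with the structure the scanner looks for; no real exploit content."""
    u = url.encode("utf-16-le") + b"\x00\x00"
    blob = (b"\x01\x05\x00\x00\x02\x00\x00\x00"            # OLE object header (constructed)
            + struct.pack("<I", len(OLE2LINK) + 1) + OLE2LINK + b"\x00"
            + b"\x00" * 8
            + URL_MONIKER + struct.pack("<I", len(u)) + u)
    return (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate\\rsltpict"
            b"{\\*\\objdata " + blob.hex().encode("ascii") + b"}{\\result{\\pict}}}}")


SAMPLE_RTF = build_sample("http://example.com/invoice.hta")   # placeholder URL, not an IOC

if __name__ == "__main__":
    print(scan_rtf(SAMPLE_RTF))
```

The verdict is only "likely" when all three features line up, because linked objects and \objupdate both occur in legitimate documents; the recovered URL is what turns a detection into a blockable indicator and a lead on the Smoke Loader stage.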

Threat Actors Leverage CVE-2017-0199 to Deliver Zeus Panda via Smoke Loader was first posted on June 22, 2017 at 1:12 pm.