Last Updated: 2023-10-29 17:09:35 UTC
by Guy Bruneau (Version: 1)
In the past week, the handler mailbox has received several emails, some asking the recipient to authenticate to get a password and others to add more storage. All of them clearly have the same goal: to get the password associated with the account.
When the anti-spam filter doesn't catch or block them, most share a similar format: the URL ends with the pre-filled email address (in this case the handler email), and the page asks for the password to fix the problem. Sometimes there is little or no URL obfuscation; in other cases it is not clear where the full URL leads, and a tool like CyberChef may be needed to rebuild it.
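The following check is an added example, not code from the diary: it rebuilds a link's path, query and fragment by undoing nested percent-encoding and base64, then reports whether the recipient's own address is embedded in it. The sample URLs, hostnames and the address handlers@example.org are constructed for illustration, and base64 is assumed here as one possible obfuscation layer.

```python
import base64, binascii, re
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_RE = re.compile(r"[A-Za-z0-9+/_-]{12,}")  # padding is re-added below

def fully_unquote(text, max_rounds=5):
    """Undo nested percent-encoding, e.g. %2540 -> %40 -> @."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def b64_strings(text):
    """Yield ASCII text recovered from base64-looking tokens (std or URL-safe)."""
    for token in B64_RE.findall(text):
        token = token.replace("-", "+").replace("_", "/")
        token += "=" * (-len(token) % 4)
        try:
            decoded = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or not text: ignore
        yield decoded

def embedded_emails(url):
    """Return (host, sorted emails) found after the host part of the URL."""
    parts = urlsplit(url)
    tail = fully_unquote(f"{parts.path}?{parts.query}#{parts.fragment}")
    found = set()
    for text in [tail, *b64_strings(tail)]:
        found.update(m.lower() for m in EMAIL_RE.findall(text))
    return parts.hostname, sorted(found)

def targets_recipient(url, recipient):
    """True when the link carries the recipient's own address (pre-filled form)."""
    return recipient.lower() in embedded_emails(url)[1]

# Constructed samples: double percent-encoding, base64, and a benign link.
RECIPIENT = "handlers@example.org"
SAMPLES = [
    "https://storage-upgrade.example.net/quota.php#handlers%2540example.org",
    "https://mail-auth.example.net/verify/?id="
    + base64.b64encode(RECIPIENT.encode()).decode(),
    "https://example.com/docs/index.html?page=2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(embedded_emails(sample), targets_recipient(sample, RECIPIENT))
```

A link that already knows who is going to click it, on a host unrelated to the mail provider, is a useful triage signal for messages that slipped past the filter.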