Many companies have extensive security tools to monitor employee computers. But these precautions often fail for "out of band" access that uses cellular networks instead of Ethernet/WiFi networks. Our reader Isabella sent us this phishing email that they received:
Note that the phone number is somewhat obfuscated, likely to protect it from tools inspecting email or network traffic. The user is asked to send an SMS. While SMSs may travel across WiFi networks in some cases, they are usually not accessible to network protection devices. In this case, the user received a link next:

The user is now likely going to click on the link using a mobile device, lessening the risk of discovery to the attacker. The target URL is no longer available, but Isabella reported that the link leads to a phishing page.

The attack was somewhat targeted in that the attacker used consistent branding for the code to be sent. It included the short form of the organization's name, which is why I redacted it above. Even the target domain used (which is no longer reachable to me), "http://micro365upgrade.com", was plausible for an Office 365 upgrade.

---
Johannes, ISC Handler, Aug 23rd 2021
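A defensive heuristic for the lure described in the diary, added here as an example and not code from the diary or from ISC: it flags mail that asks the reader to text a number whose digits are spread out or written with compatibility characters. The page does not show how the number in Isabella's email was obfuscated, so the two obfuscation styles, the name `find_sms_lures` and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata

# Layouts an ordinary phone-number filter already matches.
PLAIN = re.compile(r"^\+?1?[ .-]?\(?[0-9]{3}\)?[ .-]?[0-9]{3}[ .-]?[0-9]{4}$")
# 10-15 digits, each pair separated by up to three characters that are
# not digits, letters or newlines (spaces, dots, brackets, ...).
SPREAD = re.compile(r"[0-9](?:[^0-9A-Za-z\n]{0,3}[0-9]){9,14}")
# Wording that moves the conversation to SMS.
SMS_CTA = re.compile(r"\b(?:sms|text)\b", re.IGNORECASE)


def find_sms_lures(body):
    """Return the digits of oddly written phone numbers in an SMS request."""
    text = unicodedata.normalize("NFKC", body)  # e.g. fullwidth -> ASCII digits
    if not SMS_CTA.search(text):
        return []
    hits = []
    for match in SPREAD.finditer(text):
        raw = match.group(0)
        # Suspicious if the layout is unconventional, or if the number only
        # looks conventional after Unicode normalization.
        if not PLAIN.match(raw) or raw not in body:
            hits.append(re.sub(r"[^0-9]", "", raw))
    return hits


# Constructed sample messages (fictional 555-01xx numbers), not from the diary.
SAMPLES = {
    "spread": "Upgrade pending. Text your code to 2 0 2 . 5 5 5 . 0 1 4 2 today.",
    "fullwidth": "Send an SMS to \uff12\uff10\uff12-\uff15\uff15\uff15-\uff10\uff11\uff14\uff12 now.",
    "plain": "Text STOP to 202-555-0142 to unsubscribe.",
    "no_sms": "Ticket 2 0 2 . 5 5 5 . 0 1 4 2 was closed.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_sms_lures(body))
```

Conventionally written numbers are left to existing filters, so this check only adds signal for the layouts those filters miss; expect false positives on other long digit runs and tune the call-to-action wording to your own mail.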
Got one of these today. Text was "(Redacted US Bank): A Withdrawal of $100 is make from your A/C . If this is not you, kindly visit <shortened url> and verify yourself."
Anonymous, Aug 24th 2021