July 27, 2024
This email claims that the user has an overdue invoice. The goal is to get the recipient, who does not know which service the invoice belongs to, to open a PDF document attached to the email.
The malicious actors trick the recipient into clicking a link embedded in the PDF, which sends the victim to a credential harvesting website.
This email claims to be from the recipient's email service provider. It falsely warns of impending account suspension due to suspicious activity and urges the recipient to log in to their email by clicking the "Verify your identity" button.
By clicking the button, the victim is lured to a malicious website whose objective is stealing their credentials.
This email pretends to be a shared document notification informing the recipient about a shared file. No file name is given; instead the recipient is told that it is a secure and encrypted file, in order to arouse curiosity and trick the user into clicking the "View Your Message" button.
After clicking the button, the user is served a credential harvesting page.
| TYPE | IOC |
|---|---|
| FILE | fbfe3db50d4ae40307b66007715f3507f929dc4b7ea65583366313bb79d79f29 |
| URL | hxxps[://]g3o9[.]short[.]gy/ct7TBn |
| DOMAIN | pub-b148b1b4b9304dbd80461a366cda853c[.]r2[.]dev |
| URL | hxxps[://]t[.]co/R6uQ3sOuOq |
| URL | hxxps[://]sl[.]tij1111[.]za[.]com/[.]ex/index[.]html |
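To put the table above to use, here is an added Python example (not code from the original post) that refangs the published indicators and matches them against mail-gateway records; the record format and the sample records are constructed assumptions.

```python
import re

# IOC table from the post, kept in its published (defanged) form
IOCS = [
    ("FILE", "fbfe3db50d4ae40307b66007715f3507f929dc4b7ea65583366313bb79d79f29"),
    ("URL", "hxxps[://]g3o9[.]short[.]gy/ct7TBn"),
    ("DOMAIN", "pub-b148b1b4b9304dbd80461a366cda853c[.]r2[.]dev"),
    ("URL", "hxxps[://]t[.]co/R6uQ3sOuOq"),
    ("URL", "hxxps[://]sl[.]tij1111[.]za[.]com/[.]ex/index[.]html"),
]

def refang(ioc: str) -> str:
    """Reverse the defanging used in the table: hxxp(s) -> http(s), [://] -> ://, [.] -> ."""
    out = ioc.replace("[://]", "://").replace("[.]", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def build_index(iocs):
    """Refang every entry and bucket it by type, lowercased for case-insensitive matching."""
    index = {"FILE": set(), "URL": set(), "DOMAIN": set()}
    for kind, value in iocs:
        index[kind].add(refang(value).lower())
    return index

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE)

def scan_record(record: str, index) -> list:
    """Return (type, indicator) hits for one record: full URLs, their host, and SHA-256 hashes."""
    hits = []
    for url in URL_RE.findall(record):
        u = url.rstrip(".,;)").lower()
        if u in index["URL"]:
            hits.append(("URL", u))
        host = u.split("://", 1)[1].split("/", 1)[0]
        if host in index["DOMAIN"]:
            hits.append(("DOMAIN", host))
    for h in SHA256_RE.findall(record):
        if h.lower() in index["FILE"]:
            hits.append(("FILE", h.lower()))
    return hits

# Constructed sample records (not real telemetry) in an assumed mail-gateway log shape
SAMPLE_RECORDS = [
    'subject="Invoice overdue" attachment_sha256=FBFE3DB50D4AE40307B66007715F3507F929DC4B7EA65583366313BB79D79F29',
    'subject="Verify your identity" url=https://pub-b148b1b4b9304dbd80461a366cda853c.r2.dev/login.html',
    'subject="Weekly newsletter" url=https://example.com/news',
]

def scan_all(records=SAMPLE_RECORDS, iocs=IOCS):
    """Scan every record against the IOC index; returns (record number, hits) pairs."""
    index = build_index(iocs)
    return [(i, scan_record(r, index)) for i, r in enumerate(records)]
```

Matching the host of every URL against the DOMAIN entry catches landing pages hosted under the listed domain even when the exact path differs from the published URL.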
Threat insights is a weekly series where we present analysis of samples we collect. Follow us on social media for the latest feed and cybersecurity content. Stay informed and stay safe!