August 30, 2024
This email impersonates the recipient's email service provider and creates a false sense of urgency by claiming that the account will be unable to send or receive emails unless it is verified within 24 hours. The call to action is a button labeled as activating two-factor authentication (2FA), misleading the user into believing that this step is necessary to secure their account and maintain email functionality.
This email falsely appears to be from the recipient's email service provider, pressuring them to click a link to upgrade their mailbox to avoid potential service interruptions. However, the link leads to a credential-harvesting page designed to steal their login information instead of providing a legitimate upgrade.
This email masquerades as a notice from the recipient's email service provider, deceptively presenting itself as a "Pending Mails" alert. It claims that two incoming messages are currently on hold, implying that the recipient must take immediate action to release and receive these emails. The message is designed to create a sense of urgency, encouraging the recipient to click a link or button under the pretense of resolving the issue and accessing the delayed emails.
TYPE | IOC |
---|---|
URL | hxxps[://]email[.]poppular[.]click/maintainance[.]aspx |
URL | hxxp[://]mortgageboss[.]ca/link[.]aspx |
URL | hxxps[://]servidorportal[.]com/gmsabav6u2ni24ttnvmnlrxgnqbafkreiet7olwidaqbs7ankqng2zcc2o4/ |
URL | hxxps[://]bafybeih227agijgldkxteu4vrfimz4lnbba7prgcz3jxwmsty4iujerjk4[.]ipfs[.]dweb[.]link/Dekan111[.]htm |
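
To put the table to work, the sketch below (an added example, not part of the original post) parses the defanged IOCs, indexes them by host, and checks proxy log lines for an exact host-and-path hit or a host-only hit regardless of scheme. The function names and the three-field log format (`timestamp user url`) are assumptions, and the sample log lines are constructed.

```python
from urllib.parse import urlsplit

# Defanged IOCs copied from the table above; kept defanged in source on purpose.
DEFANGED_IOCS = [
    "hxxps[://]email[.]poppular[.]click/maintainance[.]aspx",
    "hxxp[://]mortgageboss[.]ca/link[.]aspx",
    "hxxps[://]servidorportal[.]com/gmsabav6u2ni24ttnvmnlrxgnqbafkreiet7olwidaqbs7ankqng2zcc2o4/",
    "hxxps[://]bafybeih227agijgldkxteu4vrfimz4lnbba7prgcz3jxwmsty4iujerjk4[.]ipfs[.]dweb[.]link/Dekan111[.]htm",
]

def refang(ioc):
    """Undo the hxxp / [://] / [.] defanging so the value can be parsed."""
    return ioc.replace("[://]", "://").replace("[.]", ".").replace("hxxp", "http", 1)

def defang(url):
    """Re-defang a URL before it is written to a report or ticket."""
    return url.replace("http", "hxxp", 1).replace("://", "[://]").replace(".", "[.]")

def build_index(iocs):
    """Map lowercase host -> set of IOC paths; the scheme is ignored on purpose."""
    index = {}
    for ioc in iocs:
        parts = urlsplit(refang(ioc))
        index.setdefault(parts.hostname, set()).add(parts.path or "/")
    return index

def classify(url, index):
    """Return 'exact' (host and path), 'host' (host only) or None for a logged URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if host not in index:
        return None
    return "exact" if (parts.path or "/") in index[host] else "host"

def scan(log_lines, index):
    """Return (defanged_url, verdict) pairs for lines shaped: timestamp user url."""
    hits = []
    for line in log_lines:
        fields = line.split()
        verdict = classify(fields[2], index) if len(fields) >= 3 else None
        if verdict:
            hits.append((defang(fields[2]), verdict))
    return hits

SAMPLE_LOG = [  # constructed proxy lines, built at runtime so no live URL sits in source
    "2024-08-30T09:12:01Z alice " + refang(DEFANGED_IOCS[1]).replace("http://", "https://"),
    "2024-08-30T09:13:40Z bob https://example.com/link.aspx",
    "2024-08-30T09:15:02Z carol " + refang(DEFANGED_IOCS[2]).rsplit("/", 2)[0] + "/login",
]
```

A host-only hit is worth triaging separately from an exact hit: the path on a phishing host tends to change between campaigns, while the IPFS gateway entry is tied to one content identifier in the hostname and will only ever match exactly.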
Threat insights is a weekly series where we present you with analysis from samples we collect.