November 16, 2024
Several phishing emails pretended to be urgent security alerts from well-known banks, warning recipients of unauthorized access or account restrictions. These emails included links that directed users to phishing pages designed to capture login credentials.
Victims who entered their credentials saw a generic "security review in progress" message, while their data was sent straight to the attackers.
This phishing attempt impersonates a popular email provider, alerting users that their inbox requires urgent verification. The email contains a convincing "Verify Now" button.
Clicking it takes users to a fake login page, designed to look identical to the real email provider's login portal. Once credentials are entered, the attacker gains full access to the victim’s email account.
This phishing email lures victims by claiming they have been pre-approved for a large loan with attractive terms. It urges recipients to click a link to "finalize their approval."
Instead of leading to a bank’s official site, the link takes users to a fraudulent financial portal that requests personal information, including Social Security numbers and banking details.
| TYPE | IOC |
|---|---|
| URL | hxxps[://]securelogin[.]net/bank-update |
| URL | hxxps[://]emailverify[.]co/verification |
| URL | hxxps[://]quickloanapproval[.]info |
| FILE | 5e7baf4b3d94cf126b3e2e9c8370a1b5d4e2fd8f9214f3e556c9a2e7f5a3b4e6 |
| FILE | 97c1d3a6b5e4fd8a2f5c3b7e9d126b4e2fd8f5a3b4e6c9a2e7f5a3b4e6d1c2b7 |
Threat Insights is a weekly series where we present you with analysis from samples we collect. Follow us on social media for the latest feed and cybersecurity content. Stay informed and stay safe!
