Here's one discovered last week in the telemetry at the massive Security Operations Centre (SOC) here at OpaCyber Security's Global Headquarters 😉
I think they may have gone a little OTT on the social engineering 🤣
This one was slightly unusual as there was absolutely no text in the body of the email, just a PDF attachment.
Here is the avalanche of social engineering red flags 🚩:
1️⃣ Office365-closure Document (Oh no!) 🚩 Fear. Also perhaps 🚩 Authority (it is supposed to be from Microsoft!)
2️⃣ 🚩 Fear and 🚩 Urgency
3️⃣ 🚩 Fear, or you might go the other way and think 🚩 Liking (someone is giving me the way out of this predicament)
4️⃣ 🚩 Fear
5️⃣ 🚩 Fear
6️⃣ (Expired? I've been trying to remember if I know any 2FA application that expires. So far I've come up with a big fat zero 🤣) 🚩 Fear and 🚩 Urgency
7️⃣ (Outdated?) 🚩 Fear and 🚩 Urgency
8️⃣ (bad grammar, tsk, tsk 🤣) The 1st line is 🚩 Fear but the 2nd, again, could be 🚩 Liking ("Oh my, how helpful!")
and lastly:
9️⃣ After all that work, the link didn't work 🤦‍♂️ (of course, it may have been taken down between detection and investigation). Final 🚩 is that the domain was only created two days before the phish was received. Not something you might know how to check, but just FYI 😉 (also, note that the domain contains "microst", not "microsoft").
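For anyone wondering how that last flag can be checked, here is an added example (not part of the original investigation or any OpaCyber tooling) that reads the creation date from a WHOIS record and compares each domain label against brand names. The WHOIS text, domain, dates, brand list and thresholds are all constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS excerpt and receipt time; not the real domain or dates.
SAMPLE_WHOIS = """\
Domain Name: LOGIN-MICROST.EXAMPLE
Creation Date: 2024-03-04T09:12:00Z
Registrar: Example Registrar (constructed)
"""
SAMPLE_RECEIVED = datetime(2024, 3, 6, 10, 0, tzinfo=timezone.utc)
BRANDS = ("microsoft", "office365")  # assumed list of brands worth watching

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_age_days(whois_text: str, received: datetime):
    """Whole days between WHOIS creation date and receipt, or None if no date found."""
    m = re.search(r"(?im)^\s*Creation Date:\s*(\S+)", whois_text)
    if not m:
        return None
    created = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return (received - created).days

def lookalike_brand(domain: str, max_distance: int = 2):
    """Return the brand that a domain label nearly (but not exactly) matches, else None."""
    for label in re.split(r"[.\-]", domain.lower()):
        for brand in BRANDS:
            if 0 < edit_distance(label, brand) <= max_distance:
                return brand
    return None

def red_flags(domain, whois_text, received, min_age_days=30):
    """Collect the two domain-based flags described in the post."""
    flags = []
    age = domain_age_days(whois_text, received)
    if age is not None and age < min_age_days:
        flags.append(f"domain registered {age} day(s) before the email arrived")
    brand = lookalike_brand(domain)
    if brand:
        flags.append(f"domain label imitates '{brand}'")
    return flags
```

In practice the WHOIS text would come from a `whois` lookup on the link's domain. A missing creation date is returned as `None` rather than treated as safe.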
This attempt was reported as a Phish by the recipient as they receive regular Security Awareness Training and Simulated Phishing from OpaCyber Security. How good would you or your staff be at spotting something similar? If that is a concern and you would like to explore solutions, get in touch.