Well-Crafted Spear-Phishing Caught by our SEG

One or more employees of a Healthcare System had their email account(s) taken over by malicious user(s). An email was sent to some of our employees; luckily, our SEG positively identified the email as a spear-phishing attempt. The malicious emails were automatically quarantined, but I went ahead and looked it up anyway, as I was curious how this phishing attempt compares to others that we have seen.

1. An email was sent from a known contact to some of our employees:

2. Even the body of the message looks like how this organization shares secured files:

3. The link that was used in the email uses a legitimate Box share location:

4. Once you click "Click Here to Access Documents", it takes you to a Microsoft Office login page that looks like the real Microsoft login page. I would have been fooled if I didn’t look at the URL:

I am happy that our SEG caught this one.

