Well-Crafted Spear-Phishing Caught by our SEG

One or more employees of a Healthcare System had their email account(s) taken over by malicious user(s). An email was sent to some of our employees; luckily, our SEG positively identified the email as a spear-phishing attempt. The malicious emails were automatically quarantined, but I went ahead and looked it up anyway, as I was curious how this phishing attempt compares to others that we have seen.

1. An email was sent from a known contact to some of our employees:

2. Even the body of the message looks like how this organization shares secured files:

3. The link that was used in the email uses a legitimate Box share location:

4. Once you click the "Click Here to Access Documents" link, it takes you to a Microsoft Office login page that looks like the real Microsoft login page. I would have been fooled if I didn’t look at the URL:

I am happy that our SEG caught this one.
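The URL check from step 4 can be automated. The sketch below is an added example, not part of the original post: it compares the host of a page asking for Microsoft credentials against an assumed allowlist of Microsoft sign-in hosts, and notes when the lure in the email sat on a legitimate Box share. The function names, the allowlist and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts Microsoft serves interactive sign-in from. Adjust for your
# tenant (e.g. a federated IdP). This list is not taken from the original post.
MICROSOFT_SIGNIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
}


def connect_host(url: str) -> str:
    """Return the host a browser would really connect to, in ASCII form."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not a usable https URL: {url!r}")
    # .hostname drops any "user@" prefix and the port and lower-cases the name;
    # IDNA encoding turns Unicode lookalike letters into a visible xn-- label.
    return parts.hostname.rstrip(".").encode("idna").decode("ascii")


def is_microsoft_signin(url: str) -> bool:
    """Exact-match the host; substring or prefix checks are what get fooled."""
    try:
        return connect_host(url) in MICROSOFT_SIGNIN_HOSTS
    except ValueError:  # also covers UnicodeError raised by the IDNA codec
        return False


def triage(email_link: str, login_page: str) -> str:
    """Classify the chain: link in the email -> page asking for a Microsoft login."""
    if is_microsoft_signin(login_page):
        return "genuine-signin"
    try:
        lure = connect_host(email_link)
    except ValueError:
        return "fake-signin"
    if lure == "box.com" or lure.endswith(".box.com"):
        # A legitimate file-share host in the email says nothing about the final page.
        return "fake-signin-behind-file-share"
    return "fake-signin"


if __name__ == "__main__":
    # Constructed sample URLs (reserved .example domain), not taken from the incident.
    print(triage("https://app.box.com/s/EXAMPLE",
                 "https://login.microsoftonline.com.signin.example/common/oauth2"))
```
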

Published by lightkunyagami

https://tryhackme.com/badge/18276
