[Phishing] PhishQueue Public Warning - Leaked Password

Added by Carsten Rose over 2 years ago

PhishQueue Public Warning

PhishQueue is a Phishing Email Analysis Service designed to allow users
to report suspicious messages and receive expert analysis to detect
malicious and/or harmful intent.  During the investigation of a recent
message, PhishQueue analysts at BSI discovered a log file on an
attacker’s system listing all users who had submitted their username and
password in response to their phishing emails.  You are receiving this
public warning because your email address and password were found on
that list.

The reported phishing email contained an attached file that, when opened,
presented the user with a fake Outlook Web App page prompting for login.
The message analyzed by PhishQueue had the following properties:

Email Subject(s):  Scanned  Fax Received_Sunday, December 19, 2021..
                   Scanned  Fax Received_Monday, December 20, 2021..
Email Sender:      Efax049583@twps.com.au <cnc.sjd@qualimed.com.ph>
Email Attachment:  info-[EMAIL ADDRESS]23487.shtml

What should you do?

    Change your password immediately and notify your Security/IT
    department regarding this message.

    Locate the original phishing message and permanently delete it from
    your Inbox, Sent Items, Deleted Items and Junk Email folders. (To
    permanently delete an email, hold down the Shift key while clicking
    Delete).

    Consider adding PhishQueue to your organization’s email security
    defenses.  For more information, view our video
    https://www.youtube.com/watch?v=gjKmnRA4Fcc and contact us at
    727-864-5500 or email sales@bsius.com

bsius.com - The Special Forces of Cybersecurity

DISCLAIMER: PhishQueue and the BSI Analysts make every effort to
identify malicious and harmful artifacts in reported emails, but as with
any type of forensic investigation, perfect accuracy is unachievable.
Treat all unsolicited email with caution.  The safest course of action
is to confirm directly with the sender via an alternate communication
method.  Please do not reply to this report as it is sent from an
unmonitored mailbox.
