Stealing User’s Password with Free Online Forms

I just received a spam e-mail in Portuguese stating that my mailbox had exceeded its maximum storage.

Translation:

Attention! Your email box has exceeded the 20Gb storage limit set by the Administrator. At this moment you are using 20,9Gb and can’t send or receive new messages unless you revalidate your email inbox.
Please click on or copy the link below to revalidate and to update it.
You have to access your email box via the link below to update and revalidate your email inbox.
Thank you,
Email Administrator.

It’s classic phishing that abuses free online forms. If you click, you will see the next set of messages:

(This Captcha warning message is not in Portuguese anymore but in French)

Why do such simple attacks still work? Well, in Latin America, in the good sense of this word, people are very naïve. It’s clear that attacks do not need to be complex to be effective. Simple tricks used 10-15 years ago are still functioning for cybercriminals. And as you can see, there is no need to clone an original Web site, so any rookie cybercriminal is able to use such methods to steal users’ information.

I already reported the form as fraudulent and hope it will be taken down quickly.
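A mail-filter heuristic for the pattern described above, added here as an example and not part of the original post: it flags a message that combines the mailbox-quota lure with a link that leaves the organisation's domain for a free form builder. The `FORM_HOSTS` names, the `org_domain` parameter, the Portuguese keywords and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: form-builder hosts to flag. Placeholder names only; replace
# them with the services that actually appear in your own mail flow.
FORM_HOSTS = {"forms.example", "freeforms.example"}
# Lure wording from the translated message; the Portuguese terms are assumed
# equivalents, since the original text is not reproduced on the page.
LURE = re.compile(r"exceeded|storage limit|revalid|excedeu|limite de armazenamento", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message, not a real capture.
SAMPLE = (
    "From: Email Administrator <admin@mail.example>\n"
    "Subject: Your mailbox has exceeded the storage limit\n"
    "\n"
    "Please click the link below to revalidate your email inbox.\n"
    "http://quota-update.forms.example/f/1\n"
)


def link_hosts(body):
    """Return the lower-cased host of every http(s) URL found in body."""
    hosts = {urlparse(u).hostname for u in URL.findall(body)}
    return {h.lower() for h in hosts if h}


def is_form_host(host):
    """True when host is a listed form builder or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in FORM_HOSTS)


def assess(raw_message, org_domain):
    """Flag quota-lure mail whose link leaves org_domain for a form builder."""
    msg = message_from_string(raw_message)
    # Assumes text parts with no transfer encoding (7bit/8bit).
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}"
    external = {h for h in link_hosts(body)
                if h != org_domain and not h.endswith("." + org_domain)}
    form_links = sorted(h for h in external if is_form_host(h))
    lure = bool(LURE.search(text))
    return {"lure": lure, "form_links": form_links, "flag": lure and bool(form_links)}


if __name__ == "__main__":
    print(assess(SAMPLE, "corp.example"))
```

The lure alone or a form link alone does not raise the flag, which keeps legitimate quota notices and ordinary surveys out of the alert queue.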
