Spam and phishing mail

Would you answer this email?

You might think if you don’t use Internet banking, you’re not going to be targeted by phishers. Or you might have heard about phishing attacks targeting PayPal and eBay users, so you’re careful not to fall for fake emails from these organizations. But even if you’re reasonably security aware, there are phishing messages out there designed to catch you out!

We got a message today which seemed to come from Blizzard:

Of course, this message is designed to get people to give up their account details. Whoever created this email was smart enough not to include any links in the message – after all, lots of people are now on the lookout for signs of a typical phishing message. Looking for other typical signs doesn’t reveal very much: the mail client shows the sender address as wowaccountadmin@blizzard.com, although the email was actually sent from wowaccountadmin@blizzarid.com.

So what should you do if there aren’t any obvious signs that a message is a fake? One simple rule will help you protect yourself: if you get an email asking for your password or other confidential details, assume it’s a fake unless you can verify it by other means.

Would you answer this email?

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox