Spear Phishing Handlers for Username/Password
Last Updated: 2023-02-18 19:21:22 UTC
by Guy Bruneau (Version: 1)
Reviewing my ISC mail inbox, I noticed that I had been receiving multiple phishing emails that were very similar. Putting my cursor over each embedded picture, I noticed the domain involved was the same for all of them. I copied the URL and started checking around for known threat intel on ipfs[.]io against various sites and found that on urlscan.io there were over 10000+ samples listed.
All these emails are asking the recipient to log in, in order to capture the email address and password, and the entries are "Secured by Norton"!
First Email (Received 2 copies with the same URL)
Last, a blog post by Lance Spitzner published on 13 Feb 2023, "Phishing - It's No Longer About Malware (or Even Email)", highlights some of the changes in phishing goals and some of the common indicators, and is worth reading. It notes two indicators that are no longer recommended: misspellings and hovering over the link, "except for highly technical audiences. One problem with this method is that you have to teach people how to decode a URL, which can be a confusing, time consuming, and technical skill."
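The hover check described above, automated as an added example (not code from this diary or from ISC): it pulls the link behind each embedded picture out of an email's HTML part and reports those whose real host is on a watchlist. The watchlist holds only the domain named above; the sample message and `EXAMPLE-CID` are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

WATCHLIST = {"ipfs.io"}  # the domain named in the diary (defanged there as ipfs[.]io)
class ImageLinkParser(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._href = None          # href of the <a> currently open, if any
        self.image_links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def host_on_watchlist(url, watchlist=WATCHLIST):
    """True only if the URL's real host is a watched domain or a subdomain of it."""
    try:
        host = (urlsplit(url.replace("[.]", ".")).hostname or "").rstrip(".")
    except ValueError:             # malformed URL, nothing to match
        return False
    return any(host == d or host.endswith("." + d) for d in watchlist)

def flag_image_links(raw_email):
    """Return image-wrapped links in the HTML parts that point at a watched host."""
    hits = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        parser = ImageLinkParser()
        parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        hits += [u for u in parser.image_links if host_on_watchlist(u)]
    return hits
# Constructed sample message (not one of the emails from the diary).
SAMPLE = """\
Content-Type: text/html; charset="utf-8"

<a href="https://ipfs.io/ipfs/EXAMPLE-CID/index.html"><img src="cid:banner"></a>
<a href="https://ipfs.io.example.net/login"><img src="cid:logo"></a>
<a href="https://ipfs.io@example.net/login"><img src="cid:logo"></a>
"""
```

Only the first sample link is reported: the other two merely contain the string `ipfs.io` (as a label prefix and as URL userinfo) while resolving to a different host, which is the decoding step that hovering leaves to the reader.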
Guy Bruneau IPSS Inc.
My Handler Page
gbruneau at isc dot sans dot edu