
SANS ISC: Bulk Phishing Campaign via PW Protected Docs SANS ISC InfoSec Forums


Bulk Phishing Campaign via PW Protected Docs
This morning we received several notifications from our e-mail protection software about several e-mails which were blocked because they contained password protected documents. After investigating these e-mails, I had a hard time finding a pattern. They all seem to come from multiple senders and domains with different subjects. The only common factor I found was the content of the e-mail.

Each message was only 3-4 lines long and all of them reference, "Please see attachment, you will also need File Passcode: r68nJ3". The passwords provided were all different, but similar in that they were 4-7 characters in length.

I'm just wondering if anyone else is seeing similar activity today as this seems to be some mass phishing campaign from multiple sources/countries.

Thanks,

J. Meetze
jmeetze

3 Posts
Hello J,

Yes, it is more and more common to receive password-protected docs to prevent scans by AVs.

KR,
/x
Anonymous

-
ISC Handler
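The pattern described in this thread (a 3-4 line body, a 4-7 character passcode in the text, an encrypted attachment) can be turned into a mail triage heuristic. The following is an added example, not code from the posters or from SANS ISC; the function names, the sample message and the fake attachment bytes are constructed for illustration.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE compound file signature
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in encrypted OOXML
# Passcode of 4-7 alphanumerics, the length range reported in the thread.
PASSCODE_RE = re.compile(
    r"(?i)\bpass(?:code|word)\s*[:=]\s*([A-Za-z0-9]{4,7})(?![A-Za-z0-9])")

def looks_encrypted(data: bytes) -> bool:
    """Heuristic: encrypted OOXML container, or a ZIP with an encrypted member."""
    if data.startswith(OLE_MAGIC):
        return ENC_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(i.flag_bits & 0x1 for i in zf.infolist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> dict:
    """Score one raw message against the three traits from the thread."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    lines = [ln for ln in body.splitlines() if ln.strip()]
    codes = PASSCODE_RE.findall(body)
    enc = [p.get_filename() for p in msg.iter_attachments()
           if looks_encrypted(p.get_payload(decode=True) or b"")]
    return {"short_body": len(lines) <= 4, "passcodes": codes,
            "encrypted_attachments": enc,
            "flag": bool(codes and enc and len(lines) <= 4)}

def build_sample(attachment: bytes, name: str) -> bytes:
    """Constructed test message using the body text quoted in the thread."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Hello,\nPlease see attachment, you will also need "
                  "File Passcode: r68nJ3\nThanks\n")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()

# Constructed bytes that only mimic an encrypted OOXML container; not a real document.
FAKE_ENCRYPTED_DOC = OLE_MAGIC + b"\x00" * 64 + ENC_STREAM
```

Because sender, domain and subject vary across the campaign, the rule keys only on body and attachment traits. Legacy binary Office encryption and other archive formats are not covered by `looks_encrypted`.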
