A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. The email tells victims that it contains a writ issued by the Supreme Court, to compel them to attend a hearing. To view the subpoena, victims must click on the link. “Unlike spray-and-pray email fraud attempts, this email was expressly created and sent to trigger the required response,” said researchers with Armorblox in a Thursday analysis, shared exclusively with Threatpost. “The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA (call to action) in the email – View Subpoena – clearly describing the purpose of the email.” While the email’s sender name labeled as the ‘Supreme Court,’ a closer look at the email addresses showed that they were unrelated (they came from court@flippintoacure[.]com or court@somersethillsevents[.]com). From a social-engineering lens, the email was crafted to trigger urgency and fear,” Chetan Anand, co-founder and architect with Armorblox, told Threatpost. “The…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-05-21 09:00:002020-05-21 09:00:00Supreme Court Phish Targets Office 365 Credentials
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org