image
A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. The email tells victims that it contains a writ issued by the Supreme Court, to compel them to attend a hearing. To view the subpoena, victims must click on the link. “Unlike spray-and-pray email fraud attempts, this email was expressly created and sent to trigger the required response,” said researchers with Armorblox in a Thursday analysis, shared exclusively with Threatpost. “The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA (call to action) in the email – View Subpoena – clearly describing the purpose of the email.” While the email’s sender name labeled as the ‘Supreme Court,’ a closer look at the email addresses showed that they were unrelated (they came from court@flippintoacure[.]com or court@somersethillsevents[.]com). From a social-engineering lens, the email was crafted to trigger urgency and fear,” Chetan Anand, co-founder and architect with Armorblox, told Threatpost. “The…

Source