Evernote notebooks can be shared within the platform and through public links. It is this sharing feature that threat actors exploit to spread malicious PDF files via phishing emails.

Figure 1.

The phishing emails contain a link that leads to a page on Evernote. On that page, users are prompted to click a link to download or preview a document that has apparently been shared using "Secured Microsoft Azure for OneDrive Cloud."

Figure 2. The prompt to download or preview the document

After clicking the "Download or Preview Here" link, users are led to a phishing page that masquerades as a Microsoft account login page.

After entering their account credentials, users are told that an incorrect account or password was entered and are prompted to reenter their credentials.

Figure 4. The prompt to reenter credentials

Email header analysis

Based on their email headers, the emails pass Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) verifications. The sender's account has possibly been hacked, and the compromised account is being used to send the phishing emails.

Figure 5. Email header analysis indicating SPF and DMARC verifications

Researchers identified the sender's IP address and found that it exposed an open Remote Desktop Protocol (RDP) port.
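The header analysis above shows why an SPF and DMARC pass is not a verdict on the message itself: mail sent from a compromised account authenticates cleanly. As an added example (not code from the original report), the Python triage routine below reads the authentication results, the relaying IP and any Evernote share links from a message and flags mail that passes both checks yet points to a public share link. The sample message, `SHARE_HOSTS` and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
# Constructed sample (not from the report); reserved example domains and IPs.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=sender@example.org;
 dkim=none; dmarc=pass header.from=example.org
Received: from mail.example.org (mail.example.org [203.0.113.25])
 by mx.example.net with ESMTPS; Mon, 01 Jan 2024 10:00:00 +0000
From: Sender <sender@example.org>
Content-Type: text/plain

A document was shared with you: https://www.evernote.com/l/EXAMPLE-PLACEHOLDER
"""
SHARE_HOSTS = {"evernote.com"}  # assumption: sharing hosts that get extra review
URL_RE = re.compile(r"""(https?://([^/\s"'<>]+)[^\s"'<>]*)""")

def auth_results(msg):
    """Map method -> result from the receiver's Authentication-Results header."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", str(value), re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def sender_ip(msg):
    """IP literal in the topmost Received header, the one our own MTA added."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", str(received[0])) if received else None
    return m.group(1) if m else None

def share_links(msg):
    """Body URLs whose host is a SHARE_HOSTS entry or a subdomain of one."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    hits = []
    for url, host in URL_RE.findall(text):
        host = host.lower().split(":")[0]
        if any(host == h or host.endswith("." + h) for h in SHARE_HOSTS):
            hits.append(url)
    return hits

def triage(raw):
    """SPF/DMARC pass only proves the domain; flag passing mail with share links."""
    msg = message_from_string(raw, policy=default)
    auth, links = auth_results(msg), share_links(msg)
    passed = auth.get("spf") == "pass" and auth.get("dmarc") == "pass"
    return {"auth": auth, "sender_ip": sender_ip(msg),
            "share_links": links, "review": passed and bool(links)}
```

The `sender_ip` value is what an analyst would then check against the organization's own telemetry or exposure data, as the researchers did with the sender's address.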