The link in this email goes to:
From: M Tufail Shakir [admin@ebookmalls.com]
Date: 27 May 2016 at 08:42
Subject: Re: Final PO Contract..xlsx
Please see below attachment for the final signed contract
Regards,
27-05-2016
Tom Yip | Regional Sales Team | Marchon Eyewear (HK) Ltd.
Room 1503-05, 15/F, One Island South, 2 Heung Yip Road, Wong Chuk Hang, Hong Kong
P: (852) 2814 6674 | tyip@marchon.com
From: Marites [villaventures@hotmail.com]
Sent: Thursday, May 26, 2016 2:15 PM
To: [redacted]
Cc: Jeff Lam; Swallow Yeung
Subject: SF and CE Contract
Final Contact Statement.xlsx 1 file (Total 387.5 KB) View | Download
cagselectrical.com.au/libraries/emb/excel/excel/index.php?email=[redacted]
This gives a pretty convincing looking facsimile of an Excel spreadsheet, prompting for credentials..
Entering any combination of username and password seems to work, then you get redirected to a GIF of a spreadsheet..
Curiously, this GIF is not part of a phishing site but is on a wholly legitimate site belonging to a software company called Aspera (you can see it here):
download.asperasoft.com/download/docs/console/2.0/linux/html/images/console/console-report-ex1-xls.gif
The asperasoft.com domain is NOT involved in the phishing nor has it been compromised. As ever, I would advise you not to explore links like this as they might lead to an exploit kit or malware, and bear in mind that some phishing pages are better than others, and this is one of the more convincing ones that I have seen recently.
No comments:
Post a Comment