The Cofense Phishing Defense Center (PDC) has analyzed a phishing campaign that is aimed to harvest an employee’s Microsoft credentials via a malicious HTML attachment. The attached file includes spliced code when it’s executed it scrapes for the employee’s credentials.
As seen in Figure 1, the subject of the email “Reminder for…” gives the employee a sense of urgency, something they may have missed or overlooked previously. Perhaps not so urgent, but does have an interesting object within the body, an attached HTML file named “Secureproofpoint[.]html[.]”
The attachment name could refer to the trusted vendor Proofpoint Secure Share a cloud-based solution that enables enterprise users to exchange large files in a secure and compliant manner to enterprise policies. ...read more!
