Technical analysis by the Malware Hunter JAMESWT

New global phishing campaign via “action required” on held messages. The objective is to steal credentials. The attack is tailored on the victim, as the email address is already fixed in the fake provider login page

Fake “action required” due to held messages is the last bait in a global phishing campaign on Webmail.

The goal is to steal the credentials. If the user opens the link in the message, he is directed to a false login page.

Moreover, it is a tailored attack. In fact, the receiver address is already fixed in the online form, and potential victims have just to digit the password.