Tecnica analysis by the Malware Hunter JAMESWT

Second phishing campaign on Webmail. The bait this time is the unexpected closure of the account and some pending messages. With the excuse of fixing the error, threat actors try to steal the credentials

Second cybercrime Webmail-themed phishing campaign: this time the bait is the sudden closure of the e-mail account, following which some messages remained pending. The text asks you to open a link to fix the errors that led to the blocking of the email.

This points to a fake login page of the provider, in which the entry of username and password is required.

As in the “mailbox almost full” campaign, when the operation is completed, a message appears with a “server error”, inviting the user to connect at a later time. In reality, the credentials will have been stolen.