The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. Data is stolen via SMTP and Telegram API.
The cyber security expert JAMESWT: New cybercrime phishing campaign targets Webmail users. With the lure of (fake) account access attempts, victim is conviced to click the link and “validate” it, digiting the credentials
New cybercrime phishing campaign exploits fake Webmail access attempts to steal credentials. It has been discovered by the cyber security expert JAMESWT. The objective is to make sure that the potential victim clicks on the link to “validate” the account. It redirects to the provider login page, where user has to digit the email and the password. Once the form has been compiled, the criminal hackers show another page in which is reported that “a confirmation email will be sent to you within 48 hours”. ATTENTION, it’s a scam! The page is a fake, that just simulate the real one to steal coount credentials. The real owner, in fact, is the P.A. Viet Nam Company Limited.