Jigsaw Security is sharing this information with the public in order to bring awareness. We have started seeing more and more of these events and feel that the only way to get the word out is through awareness.
Messages come into inboxes that say that suspicious email activity has been observed on your email account.
The message in this case is a spoofed message from "cavallim@serverlogic.com". When the link in the email is clicked on from a mobile phone the user is presented with the following:
So coming from a mobile device the end user is presented with a very realistic looking screen minus the strange domain "discoveryfood.eu".
Upon clicking on the email link from a desktop shows a screen formatted for desktops with the same "discoveryfood.eu" domain.
A very convincing desktop version of the same phish.
Indicators for Detection:
cavallim@serverlogic.com
69.73.188.146 discoveryfood.eu evergreen.nocdirect.com
mail.zaitech.com https://discoveryfood.eu/1ysm08s/
What is interesting is that we can see many different cases in which those not paying attention would fall for this attack.
Updated with additional information at 5:42PM EST 18 January 2018.