Russian Phishing Activity targets Office 365 Users


Jigsaw Security is sharing this information with the public in order to bring awareness. We have started seeing more and more of these events and feel that the only way to get the word out is through awareness.

Messages come into inboxes that say that suspicious email activity has been observed on your email account.

The message in this case is a spoofed message from "cavallim@serverlogic.com". When the link in the email is clicked on from a mobile phone the user is presented with the following:

So coming from a mobile device the end user is presented with a very realistic looking screen minus the strange domain "discoveryfood.eu".

Upon clicking on the email link from a desktop shows a screen formatted for desktops with the same "discoveryfood.eu" domain.

A very convincing desktop version of the same phish.

Indicators for Detection:

cavallim@serverlogic.com

69.73.188.146 discoveryfood.eu evergreen.nocdirect.com

mail.zaitech.com https://discoveryfood.eu/1ysm08s/

What is interesting is that we can see many different cases in which those not paying attention would fall for this attack.

Updated with additional information at 5:42PM EST 18 January 2018.

#PhishingActivityReport #Alert

63 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.