UPS and IRS Themed Tracking Number Phishing Email


We have been seeing more and more of these at customer sites but the callback links are typically already in the FirstWatch sensor. Do not client on the link as it leads to some nasty infections.

Please note that we have received a second email this time with an IRS and DHL shipping notification theme. IOC's for this second email have been added below.

A look in the Jigsaw Analytic Platform show recent activity

IOCS

105.8.2[.]175 - X-Originating IP

104.27.158[.]152 css.opposingviews[.]com findreviewedtreadmillss.gb[.]net https://findreviewedtreadmillss.gb[.]net/js/?vfy=[redacted] img.opposingviews[.]com mailfs[.]com odzyskiwaniedanych-gdansk[.]pl search.opposingviews[.]com uangpedia[.]com

Additional IOCS on Second Incident:

105.8.2[.]175 - Note the same X-Originating IP

https://myzadeals.gb[.]net mhahn@kiwipartners[.]com myzadeals.gb[.]net

#PhishingActivityReport

11 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2020 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business