UPS and IRS Themed Tracking Number Phishing Email


We have been seeing more and more of these at customer sites, but the callback links are typically already in the FirstWatch sensor. Do not click on the link, as it leads to some nasty infections.

Please note that we have received a second email, this time with an IRS and DHL shipping notification theme. IOCs for this second email have been added below.

A look in the Jigsaw Analytic Platform shows recent activity.

IOCS

105.8.2[.]175 - X-Originating IP

104.27.158[.]152
css.opposingviews[.]com
findreviewedtreadmillss.gb[.]net
https://findreviewedtreadmillss.gb[.]net/js/?vfy=[redacted]
img.opposingviews[.]com
mailfs[.]com
odzyskiwaniedanych-gdansk[.]pl
search.opposingviews[.]com
uangpedia[.]com

Additional IOCS on Second Incident:

105.8.2[.]175 - Note the same X-Originating IP

https://myzadeals.gb[.]net
mhahn@kiwipartners[.]com
myzadeals.gb[.]net
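
Both emails share the same X-Originating IP, so that header is a useful pivot when sweeping a mail archive. The following is an added example, not code from Jigsaw Security: it checks raw messages for that IP and for the two link hosts listed above. The `X-Originating-IP` header name, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Defanged indicators copied from this page; refanged only in memory.
DEFANGED_ORIGIN_IPS = ["105.8.2[.]175"]
# Only the two hosts the page lists as https:// links are used here.
DEFANGED_LINK_HOSTS = ["findreviewedtreadmillss.gb[.]net", "myzadeals.gb[.]net"]

def refang(value):
    return value.replace("[.]", ".")

ORIGIN_IPS = {refang(v) for v in DEFANGED_ORIGIN_IPS}
LINK_HOSTS = {refang(v).lower() for v in DEFANGED_LINK_HOSTS}
URL_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.IGNORECASE)

def check_message(raw):
    """Return (field, value) hits for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    hits = []
    # Assumption: the mail system records the client IP as X-Originating-IP,
    # usually bracketed, e.g. "[192.0.2.10]".
    for header in msg.get_all("X-Originating-IP", []):
        ip = str(header).strip().strip("[]")
        if ip in ORIGIN_IPS:
            hits.append(("x-originating-ip", ip))
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for host in URL_HOST.findall(text):
        host = host.lower().rstrip(".")
        if host in LINK_HOSTS or any(host.endswith("." + h) for h in LINK_HOSTS):
            hits.append(("url-host", host))
    return hits

# Constructed sample messages (not the real phishing emails).
SAMPLE_HIT = (
    "From: shipping@example.com\nSubject: Your tracking number\n"
    "X-Originating-IP: [" + refang("105.8.2[.]175") + "]\n\n"
    "Track your parcel: https://" + refang("myzadeals.gb[.]net") + "/\n"
)
SAMPLE_CLEAN = (
    "From: colleague@example.com\nSubject: Lunch\n"
    "X-Originating-IP: [192.0.2.10]\n\nMenu: https://example.com/menu\n"
)

if __name__ == "__main__":
    for name, raw in (("hit", SAMPLE_HIT), ("clean", SAMPLE_CLEAN)):
        print(name, check_message(raw))
```
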

#PhishingActivityReport


© 2017-2018 Jigsaw Security Enterprise Inc.
