UPS and IRS Themed Tracking Number Phishing Email


We have been seeing more and more of these at customer sites but the callback links are typically already in the FirstWatch sensor. Do not client on the link as it leads to some nasty infections.

Please note that we have received a second email this time with an IRS and DHL shipping notification theme. IOC's for this second email have been added below.

A look in the Jigsaw Analytic Platform show recent activity

IOCS

105.8.2[.]175 - X-Originating IP

104.27.158[.]152 css.opposingviews[.]com findreviewedtreadmillss.gb[.]net https://findreviewedtreadmillss.gb[.]net/js/?vfy=[redacted] img.opposingviews[.]com mailfs[.]com odzyskiwaniedanych-gdansk[.]pl search.opposingviews[.]com uangpedia[.]com

Additional IOCS on Second Incident:

105.8.2[.]175 - Note the same X-Originating IP

https://myzadeals.gb[.]net mhahn@kiwipartners[.]com myzadeals.gb[.]net

#PhishingActivityReport

11 views0 comments

Recent Posts

See All