Feb 25 / Admin

New Scam Alert: Business Email Compromise Scam Leads to Credential Harvesting Evernote Page

Avanan reported:   

In this BEC attack, we’ve seen hackers get even more creative. In this attack brief, researchers at Avanan, a Check Point Software Company, will discuss how threat actors are using the legitimacy of Evernote to help make their BEC attacks even more convincing.  

In this attack, hackers are using Evernote links to host malicious messages that are sent in Business Email Compromise attacks.

This starts as an attached message, sent directly from the president of the organization in question. This is a compromised account. Hackers will often spoof executives using trickery in the sender field; in this case, the president of the organization was actually compromised, and thus is sent directly from that person’s account.

The attached message leads to an email saying there’s a “secure message.’ The link goes to an Evernote page. 

In this case, there’s a document on Evernote that leads to a fake login page to steal credentials. 
Find the original article and view the actual emails here.

Enroll in Training Sessions:  Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
* indicates required