CSO reported:
In this campaign, victims first receive a professional-sounding email that seems to be part of a normal procurement or tender process and asks them to review an attached document.
The PDF serves as the primary malware delivery mechanism. Unbeknownst to the victim, the sender address is spoofed or associated with a compromised account. Once they click on the attachment, they are directed to a second PDF hosted on a trusted cloud service (public.blob[.]vercel-storage[.]com), which further redirects them to a fake Dropbox login page. If they take the bait, they’ll log in with their email address and password, and those credentials will be exfiltrated to attacker-controlled command and control (C2) infrastructure.
Click to read the original article here.
Key Takeaway: Never enter login credentials on a page reached through a provided link. Use a bookmark or a link from a password manager instead.
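The delivery step described above, a PDF attachment whose link points at public.blob[.]vercel-storage[.]com, can be checked at a mail gateway or during triage. The Python sketch below is an added example, not code from the CSO article. Its function names, watchlist and sample PDF bytes are constructed for illustration, and it reads only uncompressed /URI actions.

```python
import re
from urllib.parse import urlsplit

# Hosting domains to flag. Only this entry comes from the article; extend locally.
WATCHED_SUFFIXES = ("public.blob.vercel-storage.com",)

# A /URI key followed by a PDF literal string (...) or a hex string <...>.
# Limitation: links inside compressed object streams are not seen, and
# unescaped nested parentheses in a literal string are not handled.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)


def extract_uris(pdf: bytes) -> list[str]:
    """Return the link targets of uncompressed /URI actions, in file order."""
    uris = []
    for literal, hexstr in _URI_RE.findall(pdf):
        if literal:
            # PDF literal strings escape (, ) and \ with a backslash.
            data = re.sub(rb"\\([()\\])", rb"\1", literal)
        else:
            digits = re.sub(rb"\s", b"", hexstr).decode()
            digits += "0" * (len(digits) % 2)  # PDF pads an odd digit with 0
            data = bytes.fromhex(digits)
        uris.append(data.decode("latin-1"))
    return uris


def flagged_links(pdf: bytes, suffixes=WATCHED_SUFFIXES) -> list[str]:
    """Return links whose host is a watched domain or a subdomain of one."""
    hits = []
    for uri in extract_uris(pdf):
        try:
            host = (urlsplit(uri).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed authority, e.g. broken IPv6 brackets
            continue
        if any(host == s or host.endswith("." + s) for s in suffixes):
            hits.append(uri)
    return hits


# Constructed sample: two link annotations, one literal string, one hex string.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI /URI "
    b"(https://abc123.public.blob.vercel-storage.com/tender\\(final\\).pdf) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI /URI "
    b"<68747470733a2f2f6578616d706c652e6f72672f> >> >> endobj\n"
)

if __name__ == "__main__":
    for link in flagged_links(SAMPLE):
        print("review before delivery:", link)
```

A hit is a reason to hold the message for review, not proof of phishing, since the hosting service is legitimate and widely used.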
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
