Be careful: if an email account has been compromised, you might receive a genuine-looking email which will pass through your spam filter. As an example, I have just received an email from “FirstName.LastName@[Domain Name Removed].co.uk”. This was confirmed with a quick phone call to the company, where I was informed the account had been hacked and I should delete the spam email. This post is just to raise awareness. The company's name is covered intentionally, as is their website.
Some basic warning signs were there:
- No branding
- No reference or invoice number
- Somewhere to click
Some more interesting features are:
- The link: simply hover over the PDF link to reveal the well-known domain “1drv.ms”, a OneDrive shared link. In theory a trusted source, but why not just attach a PDF if the mail is genuine?
- The email domain was linked to a genuine company, @[Domain Name Removed].co.uk, this genuine victim being used as a cover. The target was obviously selected based on a hot topic in the media they deal with.
- And the different no_reply@accountpayable.com domain you can purchase was a nice discovery.