Triskele Labs Blog

Now this is how you run a phishing campaign...

Written by Nick Morgan | Nov 8, 2019 10:44:00 AM

So we all see phishing attacks. They are happening more and more. Most of the time, they are easy to spot. Sometimes not so much. This is probably one of the best attempts I have seen and only the most cautious of users will be able to spot this.

First of all, an email came directly from Dropbox so it is legit.

Rather than clicking the link (which would have been picked up by Mimecast if it was dodgy anyway), I signed into Dropbox. As expected, a document was there. Instead of downloading (again, would have been picked up by Carbon Black if it was dodgy), I previewed the document and this is where the attack came to life.

The document has been blurred and embedded with a link to "view the whole document". This link directs to a site that is where the fun starts.

Checking this site, this is a template that has just been spun up!

This site has been compromised to then throw a login page that links to a compromised download.

I am in sheer amazement of how great this phishing campaign is. Obviously not for those who get caught out, but it shows the criminals are getting smarter. It is not enough to tell users to look at links etc anymore. The bad guys are getting smarter and we need to get there as the defenders. Watch out, we will be adding a new phishing mechanism to our red teaming bag!

Cheers,

Nick.