Spam or Phishing? Looking for Credentials & Passwords
We are now at the end of Cybersecurity Awareness Month, but it is important to remain digitally safe all year round [1][2][3].
In the past week, the handler mailbox has been receiving several emails, some asking to authenticate to get a password and others to add more storage. It is clear that all of them have the same goal: to get access to the password associated with the account.
If the anti-spam filter doesn't catch or block them, most of them have a similar format: the URL ends with the pre-filled email address (in this case the handler email) and the page asks you to enter the password to fix the problem. Sometimes there is little or no URL obfuscation [4][5][6]; other times, you are not exactly sure where the full URL is taking you and may need a tool like CyberChef [7] to rebuild it.
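The pattern described above (the recipient's own address pre-filled in the URL fragment or a query parameter) is easy to check for in a mail filter. The following is an added example, not code from the diary or its author; the function names are hypothetical, and the base64 check goes beyond the plain-text cases shown in [4] and [6].

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}")

def refang(url):
    """Undo common defanging so the URL can be parsed (it is never fetched)."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def _decodings(value):
    """Yield the percent-decoded value, then its base64 decoding if it has one."""
    for _ in range(3):  # peel up to three layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    yield value.lower()
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.urlsafe_b64decode(padded).decode("utf-8").lower()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return

def prefilled_recipient(url, recipient):
    """Return 'fragment' or 'query:<name>' where the recipient's address is
    embedded in the URL, or None if it is not present."""
    parts = urlsplit(refang(url))
    fields = [("fragment", parts.fragment)]
    fields += [("query:" + k, v)
               for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = recipient.lower()
    for where, value in fields:
        for text in _decodings(value):
            if target in EMAIL_RE.findall(text):
                return where
    return None

# URLs from references [4] and [6] of this diary, still defanged.
SAMPLES = [
    "https://us-central-1.fybeobjects[.]com/969b00a97b384e09b03b3ca692e2d995:japa/jackpablocker/index5.htm#handlers@isc.sans.edu",
    "https://ipfs[.]io/ipfs/QmUvJ5s5yMpDafExvEvkb6B6QKDKXANytaWHBveSVNAbs4/?bookName=handlers@isc.sans.edu",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(prefilled_recipient(sample, "handlers@isc.sans.edu"), sample)
```

A hit is a signal to combine with others (sender, hosting domain), since legitimate unsubscribe and password-reset links also carry the recipient address.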
[1] https://www.sans.org/security-awareness-training/
[2] https://www.nist.gov/cybersecurity/cybersecurity-awareness-month
[3] https://www.canada.ca/en/communications-security/news/2023/09/cyber-security-awareness-month-2023.html
[4] https://us-central-1.fybeobjects[.]com/969b00a97b384e09b03b3ca692e2d995:japa/jackpablocker/index5.htm#handlers@isc.sans.edu
[5] https://us-central-1.fybeobjects[.]com/969b00a97b384e09b03b3ca692e2d995:japa/jackpaty5020/index5.htm#handlers@isc.sans.edu
[6] https://ipfs[.]io/ipfs/QmUvJ5s5yMpDafExvEvkb6B6QKDKXANytaWHBveSVNAbs4/?bookName=handlers@isc.sans.edu
[7] https://gchq.github.io/CyberChef/
-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu