Oct 2025: DEBT-RELATED PDQ CONNECT LURES
Threat Alert: DEBT-RELATED PDQ CONNECT LURES
- Threat actors are using overdue payment and debt settlement themes to deliver PDQ Connect, a legitimate remote monitoring and management (RMM) tool that is currently seeing widespread abuse.
- Messages pose as law firms or E-sign services with file sharing URLs leading to legitimate Google Drive pages that, in turn, lead to PDQ Connect.
How is it used in the wild?
- Messages sent from an automated Google Drive file sharing email alias, [email protected], purport to be law firms or E-sign services sharing an urgent document.
- They contain alarming subject lines regarding an overdue payment or debt settlement that may be related to legal action.
- Messages were sent to email addresses using so-called “sub-addressing,” with a string of random numbers and letters appended to the end of the email address with a “+” sign (e.g., [email protected]).
- URLs within the message body led to an intermediate page hosted on Google Drive. If opened, the user was filtered through redirects to a malicious MSI download that led to the installation of PDQ Connect.
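
The traits listed above can be combined into a simple mail triage check. The following is an added example, not part of the original alert: it scores a raw message on the debt-themed subject, the sub-addressed recipient with a random-looking tag, and the Google Drive link. The keyword list, the tag heuristic and the sample messages are assumptions, and the sender alias is not matched because it is redacted on this page.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumptions: the keyword list and the 6-character tag minimum are illustrative.
DEBT_TERMS = re.compile(r"overdue|past due|debt|settlement|legal action", re.I)
DRIVE_URL = re.compile(r"https://drive\.google\.com/\S+", re.I)
SUBADDR = re.compile(r"\+([A-Za-z0-9]{6,})@")

def random_tag(addr):
    # True when the "+tag" mixes letters and digits, unlike tags such as "+newsletter".
    m = SUBADDR.search(addr)
    tag = m.group(1) if m else ""
    return any(c.isdigit() for c in tag) and any(c.isalpha() for c in tag)

def body_text(msg):
    # Join every text part (plain or HTML), undoing base64/quoted-printable encoding.
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def score_message(raw):
    # Return which of the alert's traits appear in one raw RFC 5322 message.
    msg = message_from_string(raw)
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []))]
    hits = []
    if DEBT_TERMS.search(msg.get("Subject", "")):
        hits.append("debt_subject")
    if any(random_tag(a) for a in rcpts):
        hits.append("subaddressed_recipient")
    if DRIVE_URL.search(body_text(msg)):
        hits.append("drive_link")
    return hits

# Constructed sample messages (not taken from the alert).
LURE = ("To: j.doe+x7k2q9m4@example.com\n"
        "Subject: FINAL NOTICE: overdue payment, legal action pending\n\n"
        "Example Law Group shared a file: https://drive.google.com/file/d/EXAMPLE/view\n")
BENIGN = ("To: j.doe+newsletter@example.com\n"
          "Subject: Q3 planning notes\n\n"
          "Notes are here: https://drive.google.com/file/d/EXAMPLE2/view\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, score_message(raw))
```

A Drive link alone is ordinary business mail, so treat a message as a candidate for review only when all three traits are present.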
Key Action: Stay Alert!
- Avoid interacting with messages that claim to be urgent.
- Avoid interacting with links or attachments in unsolicited email.
- Report ANY suspicious emails via Phish Alarm.