UCSF IT Technology

Cybercriminals have launched phishing attacks leveraging compromised Microsoft Office 365 accounts.  The lures include .rpsmg file attachments, as well as embedded URLs hidden behind a “Read the Message” button.    Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.

Threat Alert: Phishing Lures Harvesting Credit Card Data 

Threat Alert: Job Offer Message Lures 

Threat Alert: Invoice-Themed Phishing Lures 

Cybercriminals have launched phishing attacks using malicious invoice-themed attachments to spread malicious software (malware).  The phishing attacks hijack legitimate email threads to deliver the phishing lures to further increase the believability of the attacks.

Cybercriminals have launched a series of phishing attacks using spoofed or compromised email accounts belonging to the National Health Service (NHS). These emails, which appear to come from a NHS[.]net email address, use the subject line “YOU NEED TO SETTLE THIS.” A fully capitalized subject line like this is unlikely to come from an official government institution.   The lures contain a prompt to review an alleged DocuSign document.

Cybercriminals have launched multiple phishing attacks attempting to take advantage of the humanitarian crisis in Turkey and Syria following the earthquake. These attacks are intended to steal recipient’s funds or to lead to the installation of malicious software (malware).  As multiple attacks are exploiting this crisis, lures will appear different.

Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures.  The phishing lures can be customized to have a variety of different appearances or themes.

Cybercriminals have launched a series of phishing attacks using timely tax-themed lures.  While the email from field says “Irs notice” and then the name of the organization, the sending address is a Madwire account. The phishing emails contain an HTML attachment allegedly containing delivery details about a tax related USPS letter.

Cybercriminals have launched a series of phishing attacks using a timely tax-themed lure.  The lures imitate the sharing of 2022 tax documents via a Citrix ShareFile link. The lures note that the download expires on April 18, 2023, the tax-filing deadline in the United States.