Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.
The last thing a website owner wants to receive is an email stating their website is using copyrighted images. This kind of news is just the thing to cause potential phishing victims to spring into action and investigate whether they are in violation or not. By abusing website “contact us” forms, these scammers seem to have found a way to bypass the CAPTCHA used to keep out automated emails, so their email is delivered directly to the website owner’s inbox.
This latest attack seeks to infect victim machines with the IcedID trojan by tricking the user into clicking on a malicious link hosted on Google Sites.
Source: Microsoft 365 Defender Threat Intelligence Team
The giveaway here is the use of a Google Sites link – the email asks the website owner to review the “evidence” using the malicious link, even though common sense would dictate that a link to the images on the victim’s own site would be the logical way to start the conversation.
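As an added illustration (not code from Microsoft's report or from this post), the sketch below shows how a mail-triage script could check a contact-form message for the indicators described above: legal-threat wording, a Google Sites link, and "evidence" that does not point at the owner's own domain. The keyword list, function names and sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed wording for a copyright/legal-threat lure; tune to your own mail.
THREAT_TERMS = ("copyright", "legal action", "lawsuit", "infringe")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def link_hosts(body):
    """Return the lower-cased hostnames of every http(s) URL in the body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def triage(body, own_domain):
    """Return the indicators from the write-up that this message matches."""
    text = body.lower()
    hosts = link_hosts(body)
    own = own_domain.lower()
    findings = []
    threat = any(term in text for term in THREAT_TERMS)
    if threat:
        findings.append("legal_threat_language")
    if "sites.google.com" in hosts:
        findings.append("google_sites_link")
    # A genuine complaint would normally point at the images on the owner's site.
    if threat and hosts and not any(h == own or h.endswith("." + own) for h in hosts):
        findings.append("evidence_not_on_own_site")
    return findings


# Constructed sample messages (not taken from the campaign).
LURE = ("Your website is using my copyrighted images. Review the evidence: "
        "https://sites.google.com/view/example-placeholder/evidence "
        "or I will take legal action.")
BENIGN = ("Hi, I think https://www.example.com/gallery/cat.jpg is my photo, "
          "a copyright credit would be appreciated.")

if __name__ == "__main__":
    print(triage(LURE, "example.com"))
    print(triage(BENIGN, "example.com"))
```

A message that matches all three indicators is a candidate for quarantine or manual review; none of them alone proves malice, since Google Sites hosts plenty of legitimate pages.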
What’s brilliant about this scam is its widespread application to basically every size and type of business; just about every website has imagery of some kind, so this type of email message wouldn’t necessarily be uncommon, despite it likely being a bit shocking.
Users within your organization can be trained to spot phishing scams that are as contextually appropriate as this one using new-school security awareness training; there will always be some tell-tale signs that should – at the very least – raise a flag of suspicion. Proper training will help to ensure those indicators are identified immediately.