New IcedID Phishing Attack Targets Website Owners Using Image Copyright Infringement as The Hook



Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.

The last thing a website owner wants to receive is an email stating their website is using copyrighted images. This kind of news is just the thing to cause potential phishing victims to spring into action and investigate whether they are in violation or not. By abusing website “contact us” forms, these scammers seem to have found a way to bypass the CAPTCHA used to keep automated emails out. As a result, their email is sent directly to the website owner’s Inbox.

This latest attack seeks to infect victim machines with the IcedID trojan by tricking the user into clicking on a malicious link hosted on Google Sites.

Source: Microsoft 365 Defender Threat Intelligence Team

The giveaway here is the use of a Google Sites link – the email asks the website owner to review the “evidence” using the malicious link, even though common sense would dictate that a link to the images on the victim’s own site would be the logical way to start the conversation.
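The indicators described above can be turned into a triage rule for contact-form submissions. The following is an added example, not code from Microsoft or from this blog; the keyword list, the scoring thresholds, the function names and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed keyword list and hosting domain; tune both for your own mail flow.
LEGAL_TERMS = ("copyright", "infringement", "legal action", "lawsuit", "dmca")
FREE_HOSTING = ("sites.google.com",)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def link_hosts(body):
    """Return the lowercased hostname of every http(s) link in the message."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url.rstrip(".,;")).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def is_under(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    return host == domain or host.endswith("." + domain)


def triage(body, own_domain):
    """Score one contact-form submission; returns (verdict, reasons)."""
    text = body.lower()
    hosts = link_hosts(body)
    reasons = []
    if any(term in text for term in LEGAL_TERMS):
        reasons.append("legal-threat wording")
    if any(is_under(h, d) for h in hosts for d in FREE_HOSTING):
        reasons.append("evidence link on free hosting")
    # The article's point: a genuine complaint would link to the owner's own images.
    if hosts and not any(is_under(h, own_domain) for h in hosts):
        reasons.append("no link to the site's own images")
    verdict = "quarantine" if len(reasons) == 3 else "review" if len(reasons) == 2 else "deliver"
    return verdict, reasons


# Constructed sample submissions (placeholders, not taken from the campaign).
SAMPLES = [
    "Your site uses my photos without a license. This is copyright infringement "
    "and I will take legal action. Evidence: https://sites.google.com/view/EXAMPLE-PLACEHOLDER/",
    "Hi, the image at https://www.example.com/img/team.jpg is credited to the wrong "
    "photographer, could you fix the caption?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg, "example.com"))
```

A rule like this is a filter for routing messages to review, not a verdict on its own: legitimate complaints can also link to third-party hosting.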

What’s brilliant about this scam is its widespread application to basically every size and type of business; just about every website has imagery of some kind, so this type of email message wouldn’t necessarily be uncommon, despite it likely being a bit shocking.

Users within your organization can be trained to spot phishing scams that are as contextually appropriate as this one using new-school security awareness training; there will always be some tell-tale signs that should – at the very least – raise a flag of suspicion. Proper training will help to ensure those indicators are identified immediately.

