Threat

We have observed a considerable increase in malicious e-mails which are being received by our customers. These e-mails originate from verified senders. There is a high potential for damage to end-users and through an auto forwarding feature, to the end user’s extended network.

Profile

The first set of e-mails received will be a valid link to a PDF file within the sender’s OneDrive.  Once opened, the file will ask for a user to provide their e-mail address and password.

The second set of e-mails that users may receive include the PDF directly, with no links present. This message will also ask for a user to provide their e-mail address and password.

Example

In both instances the file will look similar to the following:

Detection and Attribution

This exploit will not be caught by most spam filters. This is because the message originates from valid senders and the PDF files do not contain any known viruses and/or malware.

Guidance

It is never advisable to provide your credentials in response to an e-mail request.

Should you receive a message like those described above, please forward the e-mail to help@starport.ca

Finally, as a courtesy you may wish to contact the source users advising them to notify their IT department directly.

 

Thank you,

Cyber724 SOC