• Patch Lady – beware of email credential harvesting

    A recent email came into the firm, sent from payment@paychex.com with a “wetransfer” file. Enough red flags that of course I wanted to see what it was attempting to do.

    The email itself wasn’t flagged as malicious, nor were the links in the email when I sent them through virustotal.com. I ended up using reverse.it to determine that it was attempting to harvest email credentials.

    All the major email services are there ready to be harvested.

    On the attacker front, I have seen and heard of many stories where attackers harvest email credentials and then gain access to the mailbox. They then set up forwarding rules and filters so that any mail about their malicious activity (confirmations of money transfers, newly opened credit card accounts, and the like) is automatically forwarded to them and then deleted from the mailbox, so you never see the activity going on. For any email service you use, turn on two-factor authentication for sign-ins from a new device, bookmark the page where you can review account access, and, just as important, review the mailbox’s own forwarding rules and filters, because that is where this kind of activity hides.

    In the case of a Microsoft account, it’s here:  https://account.live.com/Activity?mkt=en-US&refd=account.microsoft.com&refp=security

    For Google, I go here: https://myaccount.google.com/u/2/notifications
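Reviewing sign-in activity tells you whether someone got in; reviewing the mailbox rules tells you what they left behind. The script below is an added example (not code from the original post) that hunts for the forward-and-delete pattern described above. The sample rules are constructed for the example: their shape is modelled on the Microsoft Graph `messageRule` resource (`actions.forwardTo`, `redirectTo`, `delete`, `moveToFolder`) and on the Gmail API `filters` resource (`action.forward`, `addLabelIds`, `removeLabelIds`), but the names, addresses, folder and filter ids, the `INTERNAL_DOMAINS` set and the keyword list are all assumptions you would replace with your own.

```python
"""Hunt mailbox rules for the attacker pattern: forward or redirect mail to
an outside address, then delete or hide it so the owner never sees it.

Added example; not code from the original post.  The sample rules below are
constructed for this example, shaped like the Microsoft Graph messageRule and
Gmail API filter resources.  All ids, addresses and keywords are made up.
"""

from dataclasses import dataclass, field

# Assumption: the organisation's own mail domains; anything else is "external".
INTERNAL_DOMAINS = {"example.com"}

# Assumption: words an attacker typically keys on when siphoning off mail.
FINANCIAL_KEYWORDS = ("invoice", "wire", "payment", "transfer",
                      "credit card", "password", "verification code")


@dataclass
class Finding:
    source: str                      # "graph" or "gmail"
    rule_name: str
    external_targets: list           # addresses outside INTERNAL_DOMAINS
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Forwarding out *and* hiding the evidence is the full attacker pattern.
        if self.external_targets and "hides message" in self.reasons:
            return "high"
        if self.external_targets:
            return "medium"
        return "low"


def _external(addresses):
    """Keep only addresses whose domain is not one of ours."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def _keyword_hit(*texts):
    """True if any financial keyword appears in the (non-empty) condition texts."""
    blob = " ".join(t for t in texts if t).lower()
    return any(k in blob for k in FINANCIAL_KEYWORDS)


def audit_graph_rules(rules):
    """Audit a list of Microsoft Graph style messageRule dicts."""
    findings = []
    for rule in rules:
        actions = rule.get("actions", {})
        conds = rule.get("conditions", {})
        targets = []
        for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
            targets += [r["emailAddress"]["address"] for r in actions.get(key, [])]
        external = _external(targets)
        reasons = []
        if external:
            reasons.append("forwards to external address")
        if actions.get("delete") or actions.get("permanentDelete") or actions.get("moveToFolder"):
            reasons.append("hides message")
        if _keyword_hit(*conds.get("subjectContains", []), *conds.get("bodyContains", [])):
            reasons.append("matches financial keywords")
        if reasons:
            findings.append(Finding("graph", rule.get("displayName", "?"), external, reasons))
    return findings


def audit_gmail_filters(filters):
    """Audit a list of Gmail API style filter dicts."""
    findings = []
    for flt in filters:
        action = flt.get("action", {})
        crit = flt.get("criteria", {})
        external = _external([action["forward"]]) if action.get("forward") else []
        reasons = []
        if external:
            reasons.append("forwards to external address")
        # Trashing the message or pulling it out of the Inbox both hide it.
        if "TRASH" in action.get("addLabelIds", []) or "INBOX" in action.get("removeLabelIds", []):
            reasons.append("hides message")
        if _keyword_hit(crit.get("subject"), crit.get("query"), crit.get("from")):
            reasons.append("matches financial keywords")
        if reasons:
            findings.append(Finding("gmail", flt.get("id", "?"), external, reasons))
    return findings


# Constructed sample data (made up for this example).
SAMPLE_GRAPH_RULES = [
    {"displayName": "Newsletters",                     # benign filing rule
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "folder-id-newsletters", "stopProcessingRules": True}},
    {"displayName": "Delegate to assistant",           # benign internal forward
     "conditions": {"subjectContains": ["meeting"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "assistant@example.com"}}]}},
    {"displayName": ".",                               # the attacker pattern
     "conditions": {"subjectContains": ["invoice", "wire transfer"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "collector@attacker.invalid"}}],
                 "delete": True, "markAsRead": True}},
]

SAMPLE_GMAIL_FILTERS = [
    {"id": "filter-1", "criteria": {"from": "github.com"},        # benign archive
     "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
    {"id": "filter-2", "criteria": {"query": "credit card OR password"},   # attacker
     "action": {"forward": "drop@attacker.invalid",
                "addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
]


if __name__ == "__main__":
    findings = audit_graph_rules(SAMPLE_GRAPH_RULES) + audit_gmail_filters(SAMPLE_GMAIL_FILTERS)
    for f in sorted(findings, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.source}: {f.rule_name!r} -> {f.external_targets} ({', '.join(f.reasons)})")
```

Rules that only file mail into a folder come out as "low" so you can still eyeball them; anything that forwards outside your own domains and also deletes or hides the message is the pattern the post describes and is ranked "high". Note the attacker's rule is named "." in the sample, which mirrors a common trick: a near-empty name is easy to miss in a rules list.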

    Bottom line: ask yourself what services you rely on, especially for authentication, and if an attacker gained access to one of them, how would you start digging in to determine whether they got in, and when?