PHISHINGEMAIL

Phishing Script File Breaching User Information via Telegram Being Distributed

AhnLab Security Emergency response Center (ASEC) has recently identified circumstances of multiple phishing script files disguised as PDF document viewer screens being distributed as attachments to emails. A portion of the identified file names are as below, and keywords such as purchase order (PO), order, and receipt were used. New order_20230831.html Salbo_PO_20230823.pdf.html WoonggiOrder-230731.pdf.html PO_BG20231608-019.html ○○○ Pharma.pdf.html DH○_BILL_LADING_DOCUMENT_RECEIPT.html _Purchase Order Received from ○○○ Cosmetics_msg (email) BL_148200078498.html En○○○ Purchase Order.html Sung○○ BioX_New PO.pdf.html As shown in Figure 1 below, a blurred image…

A Phishing Page that Changes According to the User’s Email Address (Using Favicon)

The ASEC analysis team continuously monitors phishing emails, and we have been detecting multiple phishing emails that are distributed with a changing icon to reflect the mail account service entered by the user. The following is an email distributed on January 16, 2023, warning users that their account will be shut down, prompting them to click the ‘Reactivate Now’ link if they need their account kept active. The linked phishing page steals the user’s email account and password. There are…