files.securefileshares.com
54.83.101.48
Public Scan
URL:
https://files.securefileshares.com/dl/5upoh9c386fr4th00umn/dl=0/c4f10e/2fcbfa96-adf6-4616-8664-42646fdfa583/
Submission: On December 13 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Welcome to Profile of a Phisher. Click around this interactive profile to learn about phishing from a cybercriminal’s perspective. I’ll offer helpful tips along the way so you know how to protect yourself against malicious emails.

THIS WAS AN AUTHORIZED PROVIDENCE PHISHING EMAIL SIMULATION TEST. PROVIDENCE CONDUCTS RANDOM PHISHING EMAIL SIMULATION TESTING TO HELP INCREASE AWARENESS TO RECOGNIZE THE WARNING SIGNS OF A PHISHING EMAIL AND PROTECT PROVIDENCE CONFIDENTIAL INFORMATION, ITS MISSION AND VALUES AGAINST REAL PHISHING EMAIL ATTACKS.

PROFILE OF A PHISHER

INTERESTED IN LEARNING MORE ABOUT PHISHING?
Follow @Cofense on Twitter for the latest phishing trends and examples.

* 6 posts
* 666k followers
* 138 following

Proven strategies to earn quick money through phishing. Sharing my successful phishing emails. Click my story highlights for my most popular tips. #spearphishing #socialengineering #hacking #phishing

#SPEARPHISHING
Malicious emails designed to trick small groups or individuals into sharing information or allowing malicious code to run on their device.
* Uses more sophisticated technology and personalization to evade email filters
* Generally targets organizations

#SOCIALENGINEERING
Using deception to manipulate people into divulging information (like passwords or confidential data) for fraudulent purposes.

#HACKING
Gaining unauthorized access to or control over computer systems for an illicit purpose.

#PHISHING
Malicious emails designed to trick large groups of people into sharing information or allowing malicious code to run on their device.
* Appeals to a broad audience

BEC / CEO Fraud, Social Media, Credential Phishing, Ransomware, Mobile Devices, URLs, Brand Impersonation

BEC/CEO FRAUD

WIRE FRAUD 101
If you’re interested in making larger amounts of money, BEC (aka wire fraud) is worth the extra time needed to research and strategize.
For BEC scams, pose as high level executives and ask the target to transfer funds—to your account.
WHAT YOU CAN DO: Be skeptical of urgent requests that do not follow typical company procedures and policies.

WIRE FRAUD 101
Target companies who work with foreign suppliers and employees who regularly perform wire transfers (like accounting or finance).
WHAT YOU CAN DO: If you receive a wire transfer request, always examine the email for warning signs of a phish.

WIRE FRAUD 101
Conduct extensive research to make your emails believable. Determine who initiates wires and who requests them, and try to figure out the company’s financial processes. Then, wait for the perfect opportunity, like a change in leadership in the finance department or a CEO traveling overseas. For a higher chance of success, instruct the target to act quickly or in confidence when transferring funds.
WHAT YOU CAN DO: Verify that the email is from the real sender with a quick call if anything looks off.

SOCIAL MEDIA

SOCIAL MEDIA STALKING
For highly personalized phish, research is your best friend. Try to find out everything you can about your target on social media to increase your likelihood of success.
WHAT YOU CAN DO: If someone really wants to attack you or your organization, they will spend countless hours searching for personal details. Be vigilant about the public content you post to social media.

SOCIAL MEDIA STALKING
For example, say you see an Instagram story about a morning Starbucks with the target’s cubicle workspace in the background. Details like computer types, email clients, and preferred applications can be collected by zooming in, and then used in the narrative of a malicious email like “Critical MacOS update”, “Shared Outlook Document”, or even a Starbucks Rewards themed message.
REMEMBER: Don’t make it easy for the bad guys to find information. Review your privacy settings and lock down your social media profiles.

CREDENTIAL PHISHING

STEALING CREDENTIALS
Pose as a legitimate company and send phishing emails with narratives like account access suspended, payment transfer complete, or outstanding balance. Include links to a phishing website imitating a real login page to steal your victim’s information.
WHAT YOU CAN DO: Never enter login credentials or other sensitive information into an unverified website, even if the site looks legitimate. Only navigate to trusted sites by using bookmarks or by typing the domain in the browser.

STEALING CREDENTIALS
Since so many people reuse passwords, try out the credentials you capture on other sites to gain access.
REMEMBER: Use multi-factor authentication (MFA) wherever it is offered. Keep your usernames, passwords, and secret questions/answers private. Always verify that you are on an official website before you provide your credentials. Report any suspicious messages.

RANSOMWARE

HOLDING THEM HOSTAGE
Ransomware is a type of malware that locks the victim’s computer screen and prevents them from accessing files until they pay a ransom. It’s the perfect way to make cash quick.
WHAT YOU CAN DO: Back up your files regularly on a physical storage device. Secure your backup in a safe place and disconnect the device from your computer when you aren’t using it. Ransomware can infect connected network and external drives.

HOLDING THEM HOSTAGE
One of my favorite methods to trick victims into downloading malware is to send emails with Office attachments that can only be viewed by enabling macros. These emails make it past secure email gateways because the attachment itself contains no malware until macros are enabled.
REMEMBER: Never enable macros on suspicious Microsoft Office documents. Enabling macros can allow a malicious program to download and run malware.

HOLDING THEM HOSTAGE
Enabling macros allows a malicious file to run and download malware.
Once the malware has been downloaded, it can run scripts and programs designed to obtain files, information, and account data without the victim’s knowledge.
DID YOU KNOW? Never reuse passwords. Use a unique password for each site, using a combination of letters, numbers, and special characters.

MOBILE DEVICES

SMISHING
Try sending phishing links via SMS text message instead of email.
WHAT YOU CAN DO: Use a Virtual Private Network (VPN)
Be wary of connecting to public wireless networks. If your only option is to connect to an unsecured network, use a trustworthy VPN to send and receive information securely.

SMISHING
A common tactic is to ask the target to reply or click a link to confirm enrollment in a newsletter or program, or to unsubscribe from text message alerts.
REMEMBER: Phones are lost and stolen all the time, and without a way to wipe data remotely if your device is stolen, data can be easily extracted. Set up "Find my Phone" and "Remote Wipe" apps ahead of time to locate a lost device or restore your phone to factory settings in case it cannot be found.
DID YOU KNOW? You're just as vulnerable on a mobile device as on a desktop computer to receive malicious emails.

URLS

MAKE YOUR PHISHING WEBSITES LOOK LEGIT
Purchase a copycat domain that resembles a well known brand's domain.
QUICK TIPS: Examine the domain name. Don't be misled by sites claiming to be popular brands but have a slightly different URL.
REMEMBER: Also, consider the context. Did you receive a work-related email in your personal inbox, or vice versa? Does anything seem strange? How about the spelling and grammar?

MAKE YOUR PHISHING WEBSITES LOOK LEGIT
For instance, if a company owns example.com, you could purchase example.red
DID YOU KNOW? How to check where a link goes without clicking:
Desktop (Mac/Windows): Hover your cursor over the link to view the URL.
Mobile Devices (Android, iOS, Windows): Touch and hold the link until a pop-up menu appears.

BRAND IMPERSONATION

IMITATING BRANDS
Impersonating familiar brands is a popular method to trick targets into handing over login credentials, credit card numbers, and other private information.
WHAT YOU CAN DO: Look out for old logos, broken images, and stretched or fuzzy images. If the layout or images look strange, you might have landed at a poor copy of a real site. Remember, just because a site uses HTTPS or has a green padlock, it doesn’t guarantee the site is safe.

IMITATING BRANDS
Buy domains similar to popular sites, so if someone mistypes a popular website, they will land on your phishing website. It’s also easy to obtain free SSL certificates to give your phishing websites an air of legitimacy.
REMEMBER: Also, consider the context. Did you receive a work-related email in your personal inbox, or vice versa? Does anything seem strange? How about the spelling and grammar?

* From: connections@linkedin.com Subject: You have a new connection request from Jessica Gomez!
* From: docusign@securefileshares.com Subject: You got an invoice from DocuSign Electronic Signature Service
* From: support@onedrive.com Subject: File "Bonus 2021.xls" Has Been Uploaded To OneDrive
* From: security@google.com Subject: Someone has your password
* From: deliveries@fedex.com Subject: Urgent Message FedEx !!
* From: billing@amazon.com Subject: We have placed a hold on your Amazon account and all pending orders.

PHISHING SCAMS

LINKEDIN PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: connections@linkedin.com
Subject: You have a new connection request from Jessica Gomez!
Hi Linkedin user, It was nice to meet you last week. I'd like to connect with you on LinkedIn.
- Jessica
Jessica Gomez
Managing Director at RHPW Consulting
2 shared connections
Accept View Profile

PROFILE OF A PHISHER
Create enticing social networking profiles and pose as fake recruiters. Try out believable narratives like confirming a new connection request or sharing an exciting new job opportunity with a huge signing bonus.
QUICK TIPS: Only accept connection requests from people you know. Once someone is part of your networks, they can see information like your email address and interests. Then, they could send you a personalized message with a malicious link.

DOCUSIGN PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: docusign@securefileshares.com
Subject: You got an invoice from DocuSign Electronic Signature Service
Review and pay the document
View Invoice
Dear Recipient, Please review this urgent invoice. This is an electronically created invoice notification

PROFILE OF A PHISHER
DocuSign is one of my personal favorites since people get so many DocuSign requests like invoices, mortgage docs, or contracts. You can keep it generic to save time, but if you really want to improve your success rate… Add details like the person’s name, company name, or department. Say it’s urgent too, and they’ll be eating out of the palm of your hand.
QUICK TIPS: If your job responsibilities include reviewing invoices or signing off on any documents, scrutinize these types of emails for warning signs of a phish. Follow company policies, and verify with the sender by phone call or chat if you have any concerns.
DID YOU KNOW? DocuSign email requests to sign a document never contain attachments. DocuSign will never ask you to open a PDF, office document, or zip file in an email. Access your documents directly from https://www.docusign.com by entering the unique security code, which is included at the bottom of every DocuSign email. Don’t click links in suspicious emails.

MICROSOFT ONEDRIVE PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: support@onedrive.com
Subject: File "Bonus 2021.xls" Has Been Uploaded To OneDrive
This links works for everyone in our organization.
Bonus 2021
To Open
Microst respects your privacy. Read our Privacy Statement for more information. Microsoft Corporation, One Miscrosoft Way, Redmond, WA 98052.

PROFILE OF A PHISHER
Who doesn’t love a bonus? So many organizations share files using Microsoft OneDrive, so this one is a pretty safe bet. However, if you’re not sure, dig around Instagram under Places to see what has been tagged at the target company’s offices or search for #companyname. Guaranteed some “influencer” has tagged their #mealprepped lunch with their monitor in the background. Zoom in to see if their company uses Microsoft products—then you’ll know that this narrative is a home run.
QUICK TIPS: Be wary of emails with reward narratives like bonuses or pay raises. If something is too good to be true, it likely is. Reach out to HR or Payroll, or log in to your internal system to check if the good news is true before rushing to click an email link or open an attachment.

GOOGLE ACCOUNT SECURITY ALERT PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: security@google.com
Subject: Someone has your password
SOMEONE HAS YOUR PASSWORD.
Hi , Someone just used your password to try to sign in to your account.
Details: IP Address: 198.51.100.1 Location: Ukraine
We have stopped this sign-in attempt. You should change your password immediately.
Change Password
Best, Account Services Team

PROFILE OF A PHISHER
Fear is one of my favorite motivators, since it just works so beautifully. The sheer terror of someone gaining account access is often enough to rush them into action to fix the problem. Throw in a Google logo and add a suspicious location like Ukraine to add the final nail in the coffin.
This one makes a great credential phish too. Add a fake login page to grab their credentials. Since so many people reuse passwords, try that password out to gain access to other systems.
QUICK TIPS: Receive a threatening email that someone has access to your account? Take a deep breath and remember that this narrative is common, and you likely have nothing to worry about. Phishers will try to catch you off guard by appealing to strong emotions. Contact the support department if you have concerns about an account takeover instead of rushing into action. Never enter credentials into a suspicious website.
DID YOU KNOW? You can strengthen the security of your account by setting up multi-factor authentication (MFA) wherever it is offered. MFA is an added layer of security. After entering your password, you must use a second method to verify your identity. Examples include entering a unique code sent to your email address or mobile device or using biometric indicators such as a thumbprint

FEDEX PACKAGE DELIVERY PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: deliveries@fedex.com
Subject: Urgent Message FedEx !!
FEDEX
Hi Customer
On May 30, 2021 Delivery Problems Notification. A courier agent was at your listed address to deliver a parcel to you but could not find you. Thus, we are unable to deliver the package to you. Kindly update your current address below for us to be able to reach you tomorrow.
[Update Address]
© FedEx 1995 - 2021 | Global Home | Terms of Use | Security and Policy

PROFILE OF A PHISHER
This one is perfect for office administrators since they are responsible for sending and distributing packages. Personalize it with their name, company name, or department. If you can find any of the company’s vendors—look on social media since organizations often post about their #partnerships—add that in to increase the believability.
QUICK TIPS: Be on the lookout for “package delivery” scams, especially around popular online shopping holidays. Use your personal email for purchases instead of your business email. If you are responsible for sending and receiving packages on behalf of your organization, be extra cautious of these emails. Verify with the shipping provider instead of interacting with an email.
DID YOU KNOW? Popular shipping narratives include delivery notification, fraudulent parcel, confirm shipping address, and delivery failure.

AMAZON ORDER ISSUE PHISHING SCAMS
Hover over the indicators to see the warning signs in this real phishing email

From: billing@amazon.com
Subject: We have placed a hold on your Amazon account and all pending orders.
Account Security
Greetings from Amazon
We have placed a hold on your Amazon account and all pending orders. We tool this action the billing information you provided did not match the information on file with the card issuer. To resolve this issue, please verify now with the billing name, address, and telephone numbr registered to your payment card. If you have recently moved, may need to update this information with the card issuer.
Verify Now
If we are unable to complete the verification process within 3 day, all pending prders will be cancelled. You will not be able to access your account until this process has been completed. We ask that you not open new accounts as any new order you place may be delayed. We appreciate your patience with our security measures. Thank you for your concern.
Sincerely, Amazon Service Team

PROFILE OF A PHISHER
People place so many Amazon orders and they are always replacing their credit cards. They will rush to update their billing information if they see this email to get their next order without thinking twice.
QUICK TIPS: Keep track of your Amazon orders so you don’t fall for a phony email.
Check your Amazon account by navigating to amazon.com through your browser or bookmarks instead of clicking a link.

Remember, you are the last line of defense against phishing. If you receive a suspicious email, immediately report it using the Microsoft Report Message tool.

Legal Disclaimer
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.