Michelle Williams sent you a secured file via Microsoft OneDrive Online

by sircles on Apr 29, 2020 in Viruses and Malware threats, Internet Security, SPAM, Phishing, Office 365
Michelle Williams sent you a secured file via Microsoft OneDrive Online This is an interesting spam,

Michelle Williams sent you a secured file via Microsoft OneDrive Online

This is an interesting spam, because it was almost certainly sent from people operating out of Britain. The choice of originator is too relevant to originate from elsewhere, and the choice of recipient - i.e. they sent it to us who deal with lawyers, insolvency practitioners and accountacts all day - is actually concerning that they may have gained access to one of our associates or partners address book.

The other concerning part of this email is that one of the repositories they use (sharepoint) appears to belong to Encore Recruitment in Leicester.

This possibly explains where they may have retrieved a list of customers or associates from, as presumably they had to gain access to a users credentials in order to plant the malware in the first place.

Now in this case, they have impersonated a real person from a real insolvency firm in Scotland, but have altered some of the contact details to prevent you from contacting them by phone. I successfully replied to the email and am awaiting a reply so as to inform the sender of the situation.

 

From:                                         Michelle Williams <[email protected]>

Sent:                                           Wednesday, April 29, 2020 11:05 AM

Subject:                                     Project

 

 Michelle Williams sent you a secured file via Microsoft OneDrive Online

 

Go to shared Document

 

Download the PDF Version of this document here

 

So the link points to a compromised personal sharepoint location here: https://encoreleicester-my.sharepoint.com/:b:/p/kitchen/EREaAVh0kBRAtRhsJNLqkpEBQ-zSzoDKy8AM76AkUnBgdw?e=VGy0dI

 

Where you encounter a PDF file:

 

Which as we can see points to: https://yanmatrix.by/wp-content/themes/Office365-K/Microsoftdocs/

Which is yet another attempt to phish for Office365 credentials, presumably so they can upload their malware somewhere else.

Anyway, after several hours of typing offensive messages into their fake portal, I did try downloading their virus, which Windows 10 defender picks up instantly. Do be sure that you have some form of Windows Defender or other antivirus running on any Windows machine you use for email or other internet activities.

 

 

Add comment