Action Required: Keep or change password on 1:14 AM

by sircles on Mar 02, 2021 in SPAM, Phishing, Office 365
Action Required: Keep or change password on 1:14 AM - SPAM WARNING!!   Office 365 phishing emai

Action Required: Keep or change password on 1:14 AM - SPAM WARNING!!

 

Office 365 phishing email 

 

Action Required: Keep or change password on 1:14 AM

 

 

qqXTByZM

oBjlEsBk unIDRwG3 3se5vfjXO4hzMAm6d fN6pynnEO fi0IcGfwM3 cwp28ntOE e7XKCMMED -i4rXRs1J 33RlQfPMJ 6P5V8hPgh 5

 

2IB55hMnPeITCNROEascYutTaRusasT6XLhawAKDSLpvio6YA2w7qDrdAKiKkGbHAf7Fga0c K3fw8Reoforp6NKBlva sMD1hyqC[email protected]xcZY0VOe QbZS8zh6eRFKQlioOxplaPZOtFlidVTgMYACre0zB0lAtVsOCL1qmaH226q2oIq d6VvavqFtodayoUcGigt3 fYhYapAI

 

Wednesday, March 3, 2021 at 1:14:31 AM

 

FwdKMQXy61i5wts7 Please keep or change password...

 

elmFptdEKeepdjYnQW41 hVxOBWE6C8SoCXgjxur8Yhywr2zri7HxoItgentLyFmd2Xr OnwsIdOFPleSQnhuYajjUqPwzhssBW0i5hS5wixsCU5BaoZz6HxlPMrdxENA1jmP

 

 

domain.suffixVHC1yCGH0FvRD4Rs Mdw81Iq3SzsRaJj5uuF0xixBXqpp6qmGXYl1orC5hZc5Qwt0qgFOEh5

 

 I can only speculate why all of the letters are interspersed with gobbledegook, but the link that they are proposing we take actually points to: http://_14_31.ganharbememcasa.com.br./#[string]
 
Which, for a change, is already blocked by Google Chrome 
 
We have reported it to Microsoft Edge.
 
The link bounces you through to a compromised wordpress site: https://ops-wear.com/wp-content/plugins/@212/[email protected] which has used the encoded email address in the string of the first link populate your email address in the fake Office365 phishing site.
 
Which then gives you a redirect to Office365 using: https://ops-wear.com/wp-content/plugins/@212/newredirect.php that gives a pleasant little tick:
 
To assure you that the password was correct.
 
Be careful on that internet thing!!
 
 
 
 

Add comment