Phishing Email That Tries to Steal Your Email Credentials

24th July 2015 | By admin
  • Received from: Email Security
  • Reply-to address: Email Security
  • Subject: YOU HAVE EXCEEDED YOUR QUOTA
  • Body: reproduced below

E-MAIL BODY:
Your email ( name.surname@your.company.com ) is almost full.
Current size: 1989 MB
Maximum size: 2000 MB
Your mailbox is running out of data storage and it might be close kindly do add more MB to your mailbox.

Upgrade Now

  • If don’t upgrade your mail box, you will not receive more emails frequently
  • You will be finding it hard receiving emails.
  • Your account might be closed
  • Your important mail will be wiped away

Note: Upgrade if free of charge, you are not charge any service fee.
Copyright © 2015 Email Administrator. All rights reserved.

**********************************************************************************************************************

CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of webster

**********************************************************************************************************************

Attachments: –
Overall Analysis:
The hyperlink behind the “Upgrade Now” button had already been reported as a phishing attempt; browsers showed the following warnings:
“This web page at steakhousekl.com has been reported as a web forgery and has been blocked based on your security preferences.
Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.”
“Phishing attack ahead
Attackers on steakhousekl.com might try to trick you to steal your information (for example, passwords, messages, or credit cards).”
In the body, the sender tries to make the recipient click the “Upgrade Now” link by alarming them with the consequences of not upgrading: “you will not receive more emails frequently, you will be finding it hard receiving emails, your account might be closed, your important mail will be wiped away”. This pressure tactic is typical of phishing email.
The domain steakhousekl.com itself is a legitimate, clean website. However, the attackers compromised the domain and created subdomains on it to host the attack pages.
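The indicators listed above (a mailbox-quota notice sent from a domain that is not the recipient's own, a Reply-To that points elsewhere, an action link whose domain matches neither sender nor recipient, and stacked threat/urgency wording) can be checked automatically at the mail gateway. The following script is an added example, not code from the original post: it parses a raw RFC 5322 message, pulls the hyperlinks out of the HTML body and scores those four indicators. The two sample messages, the `.example` domains and the phrase list are constructed for the demonstration; the two-label `registrable_domain()` helper is a deliberate simplification that is fine for `.com`-style hosts but not for country-code second-level domains.

```python
"""Heuristic triage of a suspected mailbox-quota phishing email (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Lure wording taken from the kind of message analysed above (constructed list).
URGENCY_PHRASES = (
    "exceeded your quota", "almost full", "account might be closed",
    "wiped away", "upgrade now", "running out of data storage",
)


class _LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' registrable domain (simplification, see lead-in)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _domain_of(addr: str) -> str:
    return registrable_domain(addr.rpartition("@")[2])


def analyse(raw: bytes) -> dict:
    """Score the phishing indicators and return findings, score and verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    from_dom, to_dom = _domain_of(from_addr), _domain_of(to_addr)

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    extractor = _LinkExtractor()
    extractor.feed(content)
    # Subject plus tag-stripped body, lower-cased for phrase matching.
    plain = (str(msg.get("Subject", "")) + " " + re.sub(r"<[^>]+>", " ", content)).lower()

    findings = {}
    # 1. A quota notice about "your mailbox" should come from the recipient's own mail domain.
    if from_dom != to_dom:
        findings["sender_not_own_domain"] = f"{from_dom} != {to_dom}"
    # 2. Reply-To routed to a different domain than From.
    if reply_addr and _domain_of(reply_addr) != from_dom:
        findings["reply_to_mismatch"] = reply_addr
    # 3. Action links (the "Upgrade Now" button) leading to a third-party domain.
    foreign = []
    for text, href in extractor.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue
        if registrable_domain(parsed.hostname or "") not in (from_dom, to_dom):
            foreign.append((text, href))
    if foreign:
        findings["foreign_links"] = foreign
    # 4. Two or more urgency/threat phrases in subject or body.
    hits = [p for p in URGENCY_PHRASES if p in plain]
    if len(hits) >= 2:
        findings["urgency_phrases"] = hits

    score = len(findings)
    verdict = "likely phishing" if score >= 3 else "suspicious" if score else "no indicators"
    return {"findings": findings, "score": score, "verdict": verdict}


# Constructed sample modelled on the message above; all domains are placeholders.
PHISH_SAMPLE = b"""From: Email Security <security@mail-notice.example>
Reply-To: Email Security <replies@collector.example>
To: name.surname@yourcompany.example
Subject: YOU HAVE EXCEEDED YOUR QUOTA
Content-Type: text/html; charset=utf-8

<html><body><p>Your email ( name.surname@yourcompany.example ) is almost full.</p>
<p>Current size 1989MB / Maximum size 2000MB</p>
<p><a href="http://login.upgrade.example/verify">Upgrade Now</a></p>
<ul><li>Your account might be closed</li><li>Your important mail will be wiped away</li></ul>
</body></html>
"""

# Constructed benign counterpart: genuine internal usage report.
BENIGN_SAMPLE = b"""From: IT Helpdesk <it@yourcompany.example>
To: name.surname@yourcompany.example
Subject: Monthly mailbox usage report
Content-Type: text/html; charset=utf-8

<html><body><p>Your mailbox is at 60% of its quota. Details:
<a href="https://mail.yourcompany.example/usage">usage page</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, analyse(sample))
```

The phrase list is the weakest signal and is only counted when two or more phrases co-occur; the domain checks are what make this rule robust, because a real quota warning originates from, and links back to, the recipient's own mail domain.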

Domain Lookup:

Domain Name: STEAKHOUSEKL.COM
Registrar: TUCOWS DOMAINS INC.
Sponsoring Registrar IANA ID: 69
Whois Server: whois.tucows.com
Referral URL: http://www.tucowsdomains.com
Name Server: NS101.MSCHOSTING.COM
Name Server: NS102.MSCHOSTING.COM
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Updated Date: 28-may-2014
Creation Date: 07-sep-2012
Expiration Date: 07-sep-2016

When the user clicks the “Upgrade Now” button, they are directed to a site, which is probably forged, that asks them to authenticate with their email credentials:

[Screenshot: Email phishing]

The site then behaves as if the authentication had succeeded:

[Screenshot: Phishing Attacks]

And then redirects to a “verification complete” page:

[Screenshot: Phishing email]
