Credential Phishing Campaign Leverages Symantec Security Feature

NJCCIC Alert

Original Release Date: 5/26/2020

Summary

Armorblox researchers discovered a credential phishing campaign with a real estate theme. The email contains a link to a PDF that purportedly contains building project bid details. If the link is clicked, the user is led through five redirects and eventually lands on a spoofed OneDrive or Adobe login page that steals any credentials entered. The threat actor leverages Symantec’s Click-time URL Protection to rewrite the URL, a technique used to disguise the final malicious site and to make the link appear legitimate. Additionally, to add credibility, the email contains a notice that it was scanned by Symantec email security cloud service, though the included domain is nonexistent.

Recommendations

The NJCCIC reminds users to avoid clicking links or opening attachments delivered with emails from unknown senders and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication. Additional details can be found in the Armorblox blog post.
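A mail-triage check for the two indicators described in the Summary (links that arrive already wrapped by a click-time rewriting service, and a "scanned by" notice naming a domain that does not resolve), as an added example that is not from NJCCIC or Armorblox. The wrapper hostname, the notice wording matched by the regex, the function names and the sample message are assumptions constructed for illustration.

```python
import re
import socket
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hostname used by the click-time rewriting service (not stated in the alert).
REWRITER_HOSTS = {"clicktime.symantec.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Assumption: the notice says "scanned by ..." and names a domain on the same line.
BANNER_RE = re.compile(r"scanned by[^\n]*?(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def dns_resolves(host):
    """Live resolver for production use; pass a stub as `resolves` to run offline."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def triage(raw, org_uses_rewriter, resolves=dns_resolves):
    """Return (indicator, value) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    findings = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 bracket
            continue
        # If our own mail path does not use this service, the link was wrapped elsewhere.
        if host in REWRITER_HOSTS and not org_uses_rewriter:
            findings.append(("prewrapped_link", host))
    for domain in BANNER_RE.findall(body):
        if not resolves(domain.lower()):
            findings.append(("banner_domain_unresolvable", domain.lower()))
    return findings

# Constructed sample message; every address, path and domain below is a placeholder.
SAMPLE = """\
From: bids@example.test
Subject: Building project bid
Content-Type: text/plain; charset=utf-8

Bid details: https://clicktime.symantec.com/EXAMPLE?u=https%3A%2F%2Fredirect.example.test%2Fbid.pdf
This email has been scanned by Symantec email security cloud service. For more information visit http://scan-notice.invalid
"""
```

For an organization that does use the same rewriting service, the first check is suppressed by `org_uses_rewriter=True` and only the banner-domain check applies.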

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
