A phishing email is a type of scam where an attacker attempts to trick the recipient into revealing sensitive information, such as login credentials or personal details.
Recently, SOC Investigation received a phishing email designed to look like it came from a legitimate source, such as a well-known email provider or a business the recipient has previously interacted with. The message in the body may read something like this:
We has informed that our some of the mails has undelivered due to insufficient storage space in your inbox. To prevent further issues, we kindly request that you clear out some of your old emails to free up space.
It asked us to click the links to release the messages or to add disk space to the account and start clearing space.
As the image above illustrates, the threat actors are sending the phishing email from support@biobel[.]mx. When the victim clicks the release messages link, it opens a new window and asks for credentials.
Indicators of compromise:
https://ipfs[.]io/ipfs/QmTPMYQBoMFM6bStnsn2rs8vTDSAVdS9a8TdUfTPpNr1BW/domain/c5b2d/?id
support@biobel[.]mx
The malicious URL is hosted on IPFS (https://ipfs.tech/). The email may appear to be a harmless request for assistance, but it is actually an attempt to steal the recipient’s login credentials or infect their computer with malware. Clicking on the link in the email may take the recipient to a fake login page that looks like the real thing, but is actually designed to capture their username and password.
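One way to surface this kind of lure in a mail pipeline is to flag links that are served through an IPFS gateway. The following is an added example, not code from the original article; the function names, the constructed CIDv1 and the gateway.example host are assumptions, and the first sample URL is the indicator listed above.

```python
import re
from urllib.parse import urlsplit

# CIDv0 is "Qm" followed by 44 base58 characters; CIDv1 is commonly base32
# and starts with "b". Subdomain gateways use the lower-case CIDv1 form.
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
PATH_GATEWAY = re.compile(rf"^/ipfs/({CID})(?:/|$)")
SUBDOMAIN_GATEWAY = re.compile(r"^(b[a-z2-7]{58,})\.ipfs\.")
URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

FAKE_CID = "bafybei" + "a" * 52  # constructed for this example, not a real CID
# Constructed sample body: the page's indicator, a constructed link, a benign link.
SAMPLE_BODY = (
    "Some of your mails are undelivered. Release messages: "
    "https://ipfs[.]io/ipfs/QmTPMYQBoMFM6bStnsn2rs8vTDSAVdS9a8TdUfTPpNr1BW/domain/c5b2d/?id\n"
    f"Add disk space: hxxps://{FAKE_CID}.ipfs.gateway[.]example/index.html.\n"
    "Help centre: https://mail.example.com/help"
)


def refang(text):
    """Undo common defanging (hxxp, [.], (.), [:]) so the URLs can be parsed."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return re.sub(r"[\[\(]([.:])[\]\)]", r"\1", text)


def find_ipfs_links(body):
    """Return (url, host, cid) for every link in body served via an IPFS gateway."""
    hits = []
    for url in URL.findall(refang(body)):
        url = url.rstrip(".,;)")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Path style: gateway/ipfs/<cid>/...   Subdomain style: <cid>.ipfs.gateway/...
        m = PATH_GATEWAY.match(parts.path) or SUBDOMAIN_GATEWAY.match(host)
        if m:
            hits.append((url, host, m.group(1)))
    return hits


if __name__ == "__main__":
    for url, host, cid in find_ipfs_links(SAMPLE_BODY):
        print(f"IPFS-hosted link via {host}: cid={cid}")
```

IPFS gateways also serve legitimate content, so a hit is best treated as a signal to combine with other checks, such as an unfamiliar sender or a credential prompt, rather than a verdict on its own.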
To avoid falling victim to phishing emails, it is important to be cautious when clicking on links in emails, especially those that claim to be urgent or require immediate action. Always check the sender’s email address using a reverse lookup tool, and hover over links to see where they lead before clicking on them. Additionally, enable two-factor authentication on all accounts that support it, and regularly update passwords with strong, unique combinations of letters, numbers, and symbols.