|
This morning we received several notifications from our e-mail protection software about several e-mails which were blocked because they contained password protected documents. After investigating these e-mails, I had a hard time finding a pattern. They all seem to come from multiple senders and domains with different subjects. The only common factor I found was the content of the e-mail. Each message was only 3-4 lines long and all of them reference, "Please see attachment, you will also need File Passcode: r68nJ3". The passwords provided where all different, but similar in that they were 4-7 characters in length. I'm just wondering if anyone else is seeing similar activity today as this seems to be some mass phishing campaign from multiple sources/countries. Thanks, J. Meetze |
jmeetze 3 Posts |
| thread locked Quote Subscribe |
Dec 14th 2016 5 years ago |
|
Hello J, Yes, this is more and more common to received password protected docs to prevent scans by AV's. KR, /x |
Anonymous - ISC Handler |
| Thread locked. Quote |
Dec 15th 2016 5 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
