Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Bulk Phishing Campaign via PW Protected Docs - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bulk Phishing Campaign via PW Protected Docs
This morning we received several notifications from our e-mail protection software about several e-mails which were blocked because they contained password protected documents. After investigating these e-mails, I had a hard time finding a pattern. They all seem to come from multiple senders and domains with different subjects. The only common factor I found was the content of the e-mail.

Each message was only 3-4 lines long and all of them reference, "Please see attachment, you will also need File Passcode: r68nJ3". The passwords provided where all different, but similar in that they were 4-7 characters in length.

I'm just wondering if anyone else is seeing similar activity today as this seems to be some mass phishing campaign from multiple sources/countries.


J. Meetze

3 Posts
Hello J,

Yes, this is more and more common to received password protected docs to prevent scans by AV's.


ISC Handler

Sign Up for Free or Log In to start participating in the conversation!