The Cofense Intelligence team discovered a credential phishing campaign falsely claiming that President-elect Donald Trump was assassinated. These emails, targeting the professional services and mining sectors, impersonate The New York Times. The link embedded in the email leads to a credential phishing page that spoofs the victim’s company.
Email Content
As seen in the email in Figure 1, the phishing attempts spoof The New York Times through the email's content, a relevant sender name, and a sender email address that at first glance appears to be a legitimate New York Times address. The threat actor also attempts to personalize the emails by stating, “This message is intended for,” followed by the victim’s email address, implying that the campaign is not widespread. The high-impact lure invites victims to click a link that eventually leads them to a credential phishing page.
Figure 1: The New York Times-spoofing email claiming United States President-elect Donald Trump was shot by Iranian agents.
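The three traits described above (a brand-like sender on a non-brand domain, the recipient's address echoed after “This message is intended for,” and a link that leaves the brand's domain) can be checked mechanically. The following is an added example, not Cofense's detection logic; the sample messages, addresses and URLs are constructed placeholders, and treating nytimes.com as the only accepted brand domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: nytimes.com is the only sending/link domain accepted for this brand.
BRAND_NAME, BRAND_TOKEN, BRAND_DOMAINS = "new york times", "nytimes", ("nytimes.com",)
INTENDED = re.compile(r"this message is intended for[:\s]+([\w.+-]+@[\w.-]+)", re.I)
LINK_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

def under_brand(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def findings(raw):
    """Return the lure traits from the report that are present in one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    out = []
    claims_brand = BRAND_NAME in display.lower() or BRAND_TOKEN in addr.lower()
    # Sender name or address looks like the brand, but the real domain is not.
    if claims_brand and not under_brand(addr.rpartition("@")[2]):
        out.append("brand_sender_mismatch")
    # "This message is intended for <recipient>" personalization.
    m = INTENDED.search(body)
    if m and m.group(1).rstrip(".").lower() in rcpts:
        out.append("recipient_echoed_in_body")
    # Brand-themed mail whose links leave the brand's domains.
    if claims_brand and any(not under_brand(h) for h in LINK_HOST.findall(body)):
        out.append("link_outside_brand")
    return out

# Constructed samples; addresses and URLs are placeholders, not from the campaign.
PHISH = """From: "The New York Times" <breaking@nytimes.com.alerts.example>
To: j.doe@victim.example
Subject: Breaking News

This message is intended for j.doe@victim.example
Read the full story: https://news-portal.example/story
"""
BENIGN = """From: "The New York Times" <news@nytimes.com>
To: j.doe@victim.example
Subject: Morning Briefing

Read more: https://www.nytimes.com/briefing
"""
```

Each finding is a triage signal rather than a verdict; legitimate newsletters sent through third-party mail services can trip the link check on their own.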
Credential Phishing Page
Once a victim clicks the enticing call to action, the link takes them to the page shown in Figure 2. Although this page does not bear much resemblance to the legitimate message seen on The New York Times website, it is enough to explain why victims need to log in to their company account. After the paid account sign-up image in Figure 2 flashes briefly, victims are redirected to the semi-legitimate-looking login portal seen in Figure 3, which uses the company logo and name associated with the victim’s email address. The portal also displays information about the victim, such as the browser being used and their geolocation.
Figure 2: Landing page of the phishing campaign, which is accessed right after clicking on the hyperlink in the malicious email.
Figure 3: The credential phishing page customized with information about the victim.
This credential phishing campaign illustrates how threat actors exploit current events, such as the recent U.S. presidential election, to manipulate people's emotions and lure them into engaging with malicious content. At Cofense, our team diligently monitors emerging threats in the email security landscape to keep our customers informed about the latest phishing trends and risks. To discover how our team can help your organization avoid the phishing threats that bypass your perimeter defenses, schedule a demo today.