Check Point Email Security | Blog

ATP Miss of the Week: 1/7/2021

Written by Jeremy Fuchs | January 7, 2021

This week, we uncovered an attack that claims a password is about to expire.  We saw this across multiple organizations.

It works like this:

The subject of the email reads: ՍPDАTЕ- Ехрirаtiоn Nоtifiаtiоn

(It's worth noting the double spelling errors.)

The body links to a page that says it will allow you to change your expiring password, but in actuality is just harvesting your credentials.

Here's what it looks like:

 

You'll then be directed to this page: