A phishing attempt targeting domain investors used the name of a law firm as the main bait.
As reported by domain investor George Kirikos, the phishing email contained a link to open an “encrypted file” using the Evernote platform. At the destination, an HTML file prompted users to run it in a web browser with JavaScript enabled, as the file itself was encrypted.
When the file was run in a third-party virtual machine, the output was a fake multi-platform login page.
The phishing portal attempts to steal login credentials for Outlook, IONOS, AOL, and other email providers from the recipients of the targeted emails.
Following the attack and reports about this activity, the law firm referenced in the phishing email has set up an auto-responder warning against opening the file.
The attack is targeting professionals in the domain industry, as others have reported the same. We will not share the name of the law firm as they are merely a victim of this fraudulent attempt to steal account credentials. Here’s some more information on the abuse of the Evernote platform as a facilitator of spear phishing attacks.
Many thanks to George Kirikos for sharing the information on Twitter and for warning others about it.