A spam campaign and its malware element still being probed.
A spam campaign through phishing emails targeting US financial and healthcare staff has been exposed by security firm Barracuda Networks.
The spam, which comes from a Gmail account and comprises Google as well as Google Drive branding, claims that the recipient has received a new document by declaring that a ‘document has been attached,’ and notifies users to ‘Click Here’ to gain access to the document.
Barracuda research and data scientist Luis Chapetti told SCMagazine.com: "The tell-tale giveaway is the destination URL which finds itself going to various hacked domains and never anything hosted on Google’s servers.
"It is a simple click through the email that redirects to a page that looks much like a [Google] page asking for credentials to open the document that is being shared."
Compromised sites linked in the phishing email contain Google, TRUSTe and Norton branding, as well as assert to be a Symantec Safe Site, researchers noted.
With the origin of the spam campaign and its malware element still being probed, any credentials entered will be delivered back to the attackers.
Chapetti added: "An attacker can gain a multitude of data [by compromising just one employee].
"Companies that deal with finances and healthcare maintain data anywhere from your bank account to Social Security to full health reports."