Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims’ Microsoft credentials.
Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access to target employees in multiple organizations.
The email arrived with a message indicating that it was sent with “High importance.” When coupled with the inclusion of the word “security” in the sender’s email address and the use of “Recent Policy Changes” as the subject line, this tactic attempted to trick the recipient into believing that the email was important and required immediate attention.