A Fake Scotiabank Voicemail Was Actually an HTML File Asking You to Call an Attacker
ID: 5bd09c9f-3d66-500c-a0a0-8d5e0918f4ee
STIX ID: report--5bd09c9f-3d66-500c-a0a0-8d5e0918f4ee
Feed Name: IRONSCALES
An attacker leveraged a compromised decade-old GoDaddy-hosted small-business email account to send a Scotiabank-branded fraud alert to a CFO, including an HTML attachment disguised as an MP3 voicemail and a US toll-free number as the sole call-to-action; SPF and DMARC passed so the message appeared legitimate, no malicious links or payloads were present, and the campaign's objective was to trick the recipient into calling an attacker-controlled phone line to stop a purported $3,000 Interac e-Transfer.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
