Alert: Branded phishing

This week I have three alerts for you, but I want to go into some detail about each of them so I’m going to put them into three separate posts. My hope is that you will read each with interest.

There’s a new phishing game in town and it’s enabled by a software package that criminals can purchase to make their efforts more effective. Yes, criminals buy software packages too and the developers that create it often hide under the moniker “security researcher”. If you’re interested, you can read about it here. It’s very good at creating corporate branded phishing scams. Someone has to go first and even before we were alerted in the tech media that this scam was out there one of our clients encountered it. We’ve been unpacking it and testing it in sandboxed environments.

In this scam, a phishing email is sent to you with your corporate branding in it. The email content looked like what you see below but will vary depending on what the criminals find is working. Note the cluster of colored dots, those represent the branding of our client and note too that there’s a comforting note at the bottom of the message.

Now, when you click on View Attachments, you are prompted to login to 365. This fake login screen is perfectly branded. However, there are a couple of hints to pay close attention to.

  1. Notice the URL It’s long and crazy. If it were a legitimate login portal it would still be crazy long, but it would start with Like this:
Anytime you are prompted to login it should start with

2. There’s an errant \n after the words Welcome to Sphere Trending application portal. It shouldn’t be there. That could have just been a typo. So, don’t count on that one necessarily being there when you receive this scam. But you should always look out for minor typos like this.

What happens when you put your password in?

It will say that your password is invalid. But the fake website is capturing the password that you just entered. They will then have an automated process kick off that will start throwing your username and password at other websites to see what they can get into. Your Amazon account, restaurants, online shopping, banks, credit card companies, social security, tax filings…anywhere your credit card or banking information might be housed. Next, they’ll add your username and password to a database and when they’ll collected enough username and password combinations, they’ll be able to sell that database to other scammers.

If you do think that you’ve gotten a scam like this be sure to let us know right away so we can determine the potential damage that may have occurred. If you did enter your password don’t let embarrassment stop you from saying so. These things are designed to fool. It’s not you; it’s them. The potential damage to your personal life and possibly the corporation far outweighs any embarrassment you could suffer.

About Harbor Computer Services

Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. Most recently we were recognized as one of the top MSP’s in the nation by ChannelFutures coming in at #40 nationwide. And in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We care about your business

Leave a comment

Your email address will not be published. Required fields are marked *

One thought on “Alert: Branded phishing”