First-of-Its-Kind Attack Technique Scraped Certificate Data for Certificate Errors Phish

Threat Alert

David Bisson

Malicious actors leveraged a new technique for a certificate-error phishing campaign: they scraped real certificate data for the target's domain and included it in their attack email.

Inside the Fake Certificate Error

In the middle of April, the Zix | AppRiver team detected an email that masqueraded as a “Let’s Encrypt Error Prevention” message.

The email arrived with a personalized subject line that included the name of a domain owned by the recipient. It then informed the recipient that Let’s Encrypt had automatically detected an issue with their R3 digital certificate, specifically a “conflict in SSL/TLS certificate signature algorithm.”

To add a sense of legitimacy to its claim, the attack email pulled real certificate data and the DNS A-record to tailor the phishing message to the recipient’s domain.
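The personalization described above is exactly what a mail-triage rule can key on from the defender's side. The following is an added example, not code from the original post or from Zix | AppRiver: it parses a constructed message modelled on the lure (fake sender domain, "Error Prevention" subject, an owned domain and its A record quoted in the body) and escalates only when three things coincide: the sender is not on an assumed allowlist of legitimate certificate-authority domains, the body uses the certificate-error lure wording, and the message names a domain the organisation actually owns. The allowlist, the sample messages and the owned-domain list are assumptions constructed for the example.

```python
"""Triage heuristic for certificate-error lure emails (added example)."""
import re
from email import policy
from email.parser import BytesParser

# Assumption: domains from which genuine CA notices are expected. A real
# deployment would populate this from the organisation's own CA contacts.
LEGIT_CA_SENDER_DOMAINS = {"letsencrypt.org"}

# Lure phrases taken from the campaign described in the post, plus generic variants.
LURE_PATTERNS = [
    r"error prevention",
    r"conflict in ssl/tls certificate",
    r"signature algorithm",
    r"certificate (?:has been|will be) (?:revoked|suspended)",
]

# Constructed sample modelled on the lure: spoofed display name, look-alike
# sender domain, and the recipient's own domain plus A record in the body.
SAMPLE_EML = b"""From: "Let's Encrypt" <support@letsencrypt-errors.example>
To: admin@victim.example
Subject: Let's Encrypt Error Prevention - victim.example
Content-Type: text/plain; charset=utf-8

Our system automatically detected an issue with the R3 certificate for
victim.example (A record 203.0.113.10): conflict in SSL/TLS certificate
signature algorithm. Please verify the certificate at the link below.
"""

# Constructed benign sample: allowlisted sender, ordinary renewal wording.
BENIGN_EML = b"""From: expiry@letsencrypt.org
To: admin@victim.example
Subject: Certificate renewal reminder
Content-Type: text/plain; charset=utf-8

Your certificate for victim.example will expire in 10 days.
"""


def sender_domain(msg):
    """Return the lowercased domain of the first From address, or ''."""
    hdr = msg["from"]
    if not hdr or not hdr.addresses:
        return ""
    return hdr.addresses[0].addr_spec.rpartition("@")[2].lower()


def extract_domains(text):
    """Crude hostname matcher; enough to see which owned domain the lure names."""
    return {m.lower() for m in re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", text, re.I)}


def triage(raw, owned_domains):
    """Return (suspicious, findings) for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    haystack = f"{msg['subject']}\n{text}".lower()
    findings = []

    dom = sender_domain(msg)
    if dom and not any(dom == d or dom.endswith("." + d) for d in LEGIT_CA_SENDER_DOMAINS):
        findings.append(f"sender domain {dom} is not a known CA sender")

    hits = [p for p in LURE_PATTERNS if re.search(p, haystack)]
    if hits:
        findings.append(f"lure phrases: {hits}")

    named = extract_domains(haystack) & {d.lower() for d in owned_domains}
    if named:
        findings.append(f"names owned domain(s): {sorted(named)}")

    # Escalate only when all three hold: wrong sender, lure wording, and an
    # owned domain named (the personalisation that made this campaign convincing).
    return len(findings) == 3, findings


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EML), ("benign", BENIGN_EML)):
        flag, why = triage(raw, ["victim.example"])
        print(label, "SUSPICIOUS" if flag else "ok", why)
```

Requiring all three signals keeps the rule from firing on genuine CA mail (allowlisted sender) or on a generic "certificate problem" lure that does not name an owned domain; the owned-domain list is the piece that turns the attacker's personalization into a detection signal.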