Phishing Attempts Against IPVM Employees - Any Insights?

Donald Maye
Nov 16, 2021

To help make others aware of phishing tactics, I want to share details of a recent attempt against an IPVM employee. Also, in the event there are those who have expertise or insight into how common various phishing tactics are, it would be good to hear what you think.

In the below examples, a sender, using a Gmail account, is pretending to be John Honovich – using his name and title (in one attempt), to approach an IPVM employee.

IPVM Image

IPVM Image

IPVM Image

**** ****** *** ** *** ******** these ******** ******* ***:

** *** ****** **** ***** – we've **** **** **** ****** ** IPVM- ***** **** ** ******** ** the ****, ** *** ******** ******* their ********, **** *** ********** **** a ******** *******.

**** ****** **** *** ******* *********** or ********** *******?

(3)
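The tactic described in the opening post (a free-mail sender using an executive's name and title in the display name) can be caught at the mail gateway by comparing the From display name against a list of protected names. The following is an added example, not part of the original post and not IPVM's own tooling; the protected-name list, the trusted domain, and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the post): the names to protect
# and the domains that legitimately send mail for them.
PROTECTED_NAMES = ["John Honovich"]
TRUSTED_DOMAINS = {"ipvm.com"}

# Constructed sample messages; every address and the title are made up.
SAMPLES = {
    "spoof": 'From: "John Honovich, Example Title" <jh.office.example@gmail.com>\n'
             "Subject: Quick task\n\nAre you available?\n",
    "genuine": "From: John Honovich <john@ipvm.com>\nSubject: Notes\n\nSee attached.\n",
    "unrelated": "From: Jane Doe <jane.doe.example@gmail.com>\nSubject: Hi\n\nHello.\n",
}


def _tokens(text):
    """Lower-case, accent-stripped word tokens of a display name."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return set(re.findall(r"[a-z]+", folded.lower()))


def check_from_header(raw_message):
    """Return (verdict, detail) for the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    name_tokens = _tokens(display)
    for protected in PROTECTED_NAMES:
        # Match when every word of the protected name appears in the display
        # name, so an appended title or reversed word order still matches.
        if _tokens(protected) <= name_tokens and domain not in TRUSTED_DOMAINS:
            return "impersonation-suspect", f"{protected!r} sent from {domain or 'no domain'}"
    return "ok", domain


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from_header(raw))
```

A message sent from a free-mail account passes SPF, DKIM and DMARC for that provider's own domain, so this display-name check complements those controls rather than replacing them.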
Brian Karas
Nov 16, 2021
Pelican Zero

**** ****** **** *** ******* *********** or ********** *******?

**** ** ***** ******, ****. * don't ***** ***** ** *** ******** targeting ** **** ** ********* ****.

(1)
JH
John Honovich
Nov 16, 2021
IPVM

**'* ********* ****? **'* ****** *** it **** ***** ********? *** ********?

Brian Karas
Nov 16, 2021
Pelican Zero

** **** **** ** ** ****** automated, ***** * ****** *** ** human ********. *'** ****** ****, *** Angela *** **** ******** ****, *** had *** ****/***** **** ** *** "from" ***** ** **** **** ** her *********. ** *** ****, *** phishers ********** * ****** **** *** very ***** ** ***** ******* ******, but ** **** * *** **** it ***** **** **** **** *** result ** **** ***** **********.

******* ******** **** ********* *** ******** telling ** **** **** ** ***** new **** ******* *** ** ****** employees **** *** ********** ** *** company ***** *** ** **** **** email *** ********* ****** **** ** purchase ***** **** ***** ** ***** items *** ********* ******* *****. * think ***** ********* ******** ****** *** very **********.

(1)
(2)
(1)
Clint Hays
Nov 16, 2021

* *** * ******* ***** **** so * ***'* ***** ** ** anything ******* ******* ****.

(1)
U
Undisclosed #1
Nov 16, 2021
IPVMU Certified

**** ** **** **** ***** ******…

*** * ****** *****. *** **** they ****.

(1)
(1)
(3)
AM
Andrew Myers
Nov 16, 2021

(1)
AM
Andrew Myers
Nov 16, 2021

*** **** ** *** * ***** for **,

**** **** ** ******,

**** ******* *****, ********* ***** ***** addresses... ** ***** ****** *** ******. There**** **** *************** ******** ******* **** ***** ************* to **** *** *** **** ******** targets (*'* *** **** **** ******** makes *****). ******** *** *** ************ targeting *** ***** ******** **** ** with ********* **** **** **********.

UM
Undisclosed Manufacturer #2
Nov 16, 2021

* *** *** ** ***** **** was ********** **** * **-******. * saw **** ** *** *** **** my *******'* ***** ******* *** *** to **** ************* ** *** **** it *** ********* **** ** ***** might **** **** * **-******'* ******** email *******. * **** ** **** phone ******. * **** *** * text ****** **** *** *** * meeting **** ** ********* ****** *** could * ******** **** **** ***** that ** ***** **** ** ***** clients. ** **** ***** * **** right **** **** *** ********* *** deleted *** **** *** ******* *** number.

(2)
U
Undisclosed #3
Nov 16, 2021

**** ***** ******** ** ********* ***** on ******* ** *** ********** ******* the ****** *** *** ******** ******* I *******.

**’* * ****** *** ******* ****** with **** *************** ** ****** **’* automated, ** ********’* ********* *** *** they’re ***** *** ***’* **** ** pony ** *** * ******* ******** campaign :)

(1)
UI
Undisclosed Integrator #4
Nov 16, 2021

** *** *** **** ******** **** this ******; *** ****** ** ****** always *** **** ***. *** **** invoice, ***** **** ****, *** ** some ****** *********, *** *** ***.

(1)
AG
Alex Gruss
Nov 16, 2021

* *** **** ***** **** ** own *********** ****** ** *****.

** ***** ** ****** *** ******** spear ******** *******. **** ** ***** spoofers *** **** ******* ********* *** they ****** ******** ****** ********** *******, which ** *** ** ***** ********* and *** *** *******. **** **** websites *** *********** *** ****** *** employees **** *** **** **** ****'* who **** ******* ** **. **** may ** ****** *********.

**** *** *** *** **** ** that **% ** *** ******* ********** are ********. ****** *****-******** **** ****, or ******** (**** ********). * ****** IPVM ** ****** **** **** ********** a ******** **** ** *** ***, and *** ** ** * ****** to ******* ***** *** ***** *** fooled. ** *** **** **** *** its * ****** ******* **** **** cost **** **** **** ******* ******** will.

** *** **** * **** ******, try ****** *** ****** *****. **** of ***** ******** ** *** **** DMARC ** **** (******** *** ************ of ** ***** *******) ******* *** that **** **** *** ******.

***** *** **** ** ****** ********* but * **** ******* ********* ** answer *** ********* *** ***** *** need **** **** **** ******* ** network ********.

(2)
(3)
JH
John Honovich
Nov 16, 2021
IPVM

****** ***! * *** ********* ***** phishing ******** ******* **** **** / train ********* **** "****" ******** ********. What ** *** ***** ** *****? and ** ** *** ******** **** you *********?

AG
Alex Gruss
Nov 16, 2021

**'** **** **** **** *** ***. One ******* ***********, ***** *** **** **** ** setup *** *** *******- * ** person **** ***** ************** ********** ***** easily ******* *** *** *** *** results. *** *** *** * *** tests *** **** ***** ***** ******* the *****.

** **************** ** * ****** **** ******** but ** **** **** ************ *** completely ****!

(4)
(1)
(1)
JH
John Honovich
Nov 16, 2021
IPVM

****** *** ******* ***** *******, *******! I've ***** ***** *** ****** *** may ** ********** ** ****.

U
Undisclosed #5
Nov 16, 2021

Brian Karas
Nov 16, 2021
Pelican Zero

***'** **** ******** **.

***** *** ****** **** ** **** to ****** **** * ****** *** of ******** *********.

*** *** **** ** ********* **** I ***** *** **** ** ****, just **** ** * ****** ******* to **** *** * ******** *****.

(1)
Hans Kahler
Nov 17, 2021
Eagle Eye Networks

** *** **** **** **** ** thing. ** ******** ***** *** ********* on *** *** *** **** ******** type ** ******* (*** ******.). ** have ******** ******* ** * ****** to *** **** *******. *********** **** want *** *** ******** ** ** buy **** ***** (****** ** *****) and **** **** ****** ** **** to *** ********. * **** * couple ** ******* **** ***** ********** that **** *** ******* *********.

IJ
Ian Johnston
Nov 17, 2021

*** **** **** ****** *** ******** you *** **** **** **** ******* to *****?

(1)
UI
Undisclosed Integrator #6
Nov 17, 2021

*** ****** ********!

Marty Major
Nov 17, 2021
Teledyne FLIR

** *** **** *** *** ******* company, **** ** **** (** * vendor **** ****) **** ********* *** your ***** **** ***** **** ******** emails.

***'** ******** ** ***** ** *** Phish **** *** ******* **** *** think **'* * ******** ***** *** then **** *** ** * ************** message *** *** ***** * ***** and *** *** *** ** **** anyone ***** *** ******** ** **** they *** ******.

* *** *** **** ** **, but ********** * **** **** ***** annoying *** **** **** **** ** the *****.

(1)
(1)
U
Undisclosed #1
Nov 17, 2021
IPVMU Certified

…**** ***** **** ******** ******.

** ****’** **********?

…*** *** *** ** **** ****** about *** ******** ** **** **** are ******.

*** ******’* **** **** *** ** tell? ***’* **** **** **** ** raise *********?

(1)
(1)
(1)
Marty Major
Nov 17, 2021
Teledyne FLIR

*** ******’* **** **** *** ** tell? ***’* **** **** **** ** raise *********?

***** **********'* **** ****** - **** **'* our ****** ****** - *** ******* that ** **** **** ** *** to **** * **** *** ** able ** ****** *** **** ** tell ******* * ****** **** * know **** **** ***'*.

** *********** **** *** **** ****** to *** ** ** ** ********* pawn ** ***** ********* ********.

U
Undisclosed #1
Nov 18, 2021
IPVMU Certified

…*** [ **** ] ******* **** if **** **** ** *** ** tell * **** *** ** **** to ****** *** **** ** **** someone * ******…

***’* *** ******* ********** ****** ***.

***’* *** ******* ********** ****** ***.

***’* *** ******* ********** ****** ***.

(1)
(1)
(1)
Marty Major
Nov 18, 2021
Teledyne FLIR

******, ***...

******* ********** ** *** ** *** weakest *** *******-**-**** ***** ** **********/**** flam - *** *****'* **** **** on ***** **** ** **** *** naturally ********** ** **********.

U
Undisclosed #1
Nov 18, 2021
IPVMU Certified

******, ***...

*** ** ********** *’* ******, *****?

“***’*…”

(1)
(1)
(1)
Marty Major
Nov 18, 2021
Teledyne FLIR

* **** *** ***** **** ** your *****... ***** **%. ; )

UI
Undisclosed Integrator #7
Nov 18, 2021

**** ** **** **** **** *******...

**** *** ****, *** ******* ****.

Lynn Harold
Nov 18, 2021

*'** ***** *** ****** ** ******* based ** *** ******* .... "*** * ***** *** **".

UM
Undisclosed Manufacturer #8
Nov 22, 2021

* *** *** **** ***** **** of ****** ** * ******* ***** as ** ****** ****** *** ************.

UE
Undisclosed End User #9
Nov 22, 2021

* ******'* *********** **** ** *** "foreign, ******* ****" ***** *** ********* this ********. **'* ******, ****, *** I've **** **** ****** *** ***** with ******* ******* *** ****** ** a **** ** *****. * ***'* even **** **** ** ***** ****** in **** **** *** ********, ** I **** ***** *******. ******** * get ** ***** ********** * ********, I ***** *** ****** *****. ****'* usually * ****** **** ****.

UM
Undisclosed Manufacturer #10
Nov 23, 2021

Top ********:

*. *********

*. *****

*. ***** ********

/ **

(3)
JH
John Honovich
Aug 14, 2022
IPVM

******:******* **** ********** ********* ** **** ***** **** messaging:

*** **** ***** **** ******* ****** Morning **** ** * *******, ** received *** ********* ****: “***** ****, I’m ** * ********** ***** ***, can’t **** ** *** ***** *** let ** **** ** *** *** my ****. ******.” ** *** ****** “Austin ****” ***, ** **** *** didn’t ****, **’* *** *** ** Morning ****.

******* ****’* *** **** ******* **** employee ** *** *** ****—****** **** reported ********* ******* ****. ** ******* responded ** *** ****, *** ****** would ******* *** *** **** *****, promising ** *** **** **** *****. The ***** *****’* ******** **** ****. Morning ****, **** ** **** ********** across *** *******, *** **** * victim ** * ******** ****. (**** eventually **** * *********** ***** ******* letting ******** ********** **** **** ** wasn’t ********* ****** *** ********* *** gift ***** ** ****.)

* *********** ** *** *** ********, smishing **** ********** **** ******** ** trick ********** **** ******* ***** ** personal ***********.

**’* *** **** ******* ****: *** numbers ** ******** ********* *** ****** are **********. *********** ********** ****** **** ******** ******* more **** ******* ** *** ** in ****. **** **** *** ******* Trade ********** (***)********* ***,*** ***** ******* **** ***** in **** ********* **** ********. ** those ********* ** *******, ********* **** a ***** ** $*** ******* ** smishing ***** **** * ****** **** of $***. (**** ***** ** ********** to *** ***.)
