This article analyzes a phishing email purportedly from Kakao, warning users about their accounts transitioning to inactive status. The email manipulates recipients into verifying their accounts by presenting a sense of urgency while hiding the actual sender’s identity. It highlights the importance of recognizing phishing attempts and maintaining security.
Affected: Kakao users, digital security sector
Key points:
- The phishing email claims that Kakao accounts will be switched to inactive status unless verified.
- Users are given a deadline of one month to confirm their accounts to avoid deactivation.
- The sender’s email address is disguised, attempting to mimic Kakao’s official email.
- Details from the email headers reveal the actual server used to send the phishing attempt.
- Attention is drawn to discrepancies between official Kakao domains and the phishing domain.
- The article advises users to stay vigilant against phishing and underscores the importance of identifying legitimate email sources.
MITRE Techniques:
- T1566 – Phishing: The email uses a sense of urgency to lure victims into revealing personal information.
- T1556 – Modified Client Software: The phishing email is crafted to appear as if it comes from Kakao, misleading victims about its origin.
- T1071 – Application Layer Protocol: The attackers utilized legitimate email protocols to bypass simple checks and ensure the phishing email reached users.
Indicators of Compromise:
- [Email Address] noreply_system001@kaka(.)net
- [Email Address] root@uws64-180(.)cafe24(.)com
- [IP Address] 183(.)111(.)174(.)84
- [URL] hxxp://jad(.)co(.)kr/module/lgxpay/login/746912247(.)php
- [Domain] uws64-180(.)cafe24(.)com
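The header comparison described in the key points can be automated. The sketch below is an added example, not code from the original article: it parses a constructed message built from the indicators above and compares the From domain with the Return-Path and the earliest Received hop. The allowlist of official domains, the receiving host `mx.example.org`, the display name, subject and date are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the brand's real sending domains (the page does not list them).
OFFICIAL_DOMAINS = {"kakao.com", "kakaocorp.com"}

def refang(s):
    """Turn the page's defanged notation, e.g. kaka(.)net, into a plain value."""
    return s.replace("(.)", ".")

# Constructed sample headers, built from the indicators listed on this page.
SAMPLE = refang(
    "Return-Path: <root@uws64-180(.)cafe24(.)com>\n"
    "Received: from uws64-180(.)cafe24(.)com (uws64-180(.)cafe24(.)com [183(.)111(.)174(.)84])\n"
    "\tby mx.example.org with ESMTP; Mon, 1 Jan 2024 00:00:00 +0900\n"
    "From: Kakao <noreply_system001@kaka(.)net>\n"
    "Subject: account notice\n\nbody\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss brand labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    received = msg.get_all("Received") or []
    # The last Received header is the earliest hop: host name and bracketed IP.
    m = re.search(r"from\s+(\S+).*?\[([0-9.]+)\]", received[-1], re.S) if received else None
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    findings = []
    if from_dom not in OFFICIAL_DOMAINS:
        near = any(edit_distance(from_dom.split(".")[0], d.split(".")[0]) <= 2
                   for d in OFFICIAL_DOMAINS)
        findings.append("lookalike-from" if near else "unofficial-from")
    # A mismatch is a signal, not a verdict: legitimate bulk senders can differ too.
    for name, dom in (("return-path", rp_dom), ("sending-host", host)):
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(name + "-mismatch")
    return {"from": from_dom, "return_path": rp_dom, "host": host, "ip": ip, "findings": findings}
```
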
Full Story: https://wezard4u.tistory.com/429394