This article examines a phishing email designed to redirect victims to a fake YouTube page. It outlines the email’s content, analysis of sender details, and various security checks, highlighting the risks associated with such phishing attempts. Affected: YouTube, email users, individuals and entities potentially targeted by phishing scams.
Keypoints :
- Analysis of a phishing email that links to a counterfeit YouTube site.
- The phishing email’s filename is 11.eml, with a size of 65,662 Bytes.
- Hashes for the email include MD5, SHA-1, and SHA-256 values.
- The email claims to be from a legitimate address but fails SPF checks, indicating spoofing.
- Email headers reveal high priority and urgent importance, indicative of social engineering tactics.
- Potentially malicious action anticipated through the fake YouTube account for scams.
MITRE Techniques :
- Phishing (T1566) – The email is crafted to trick users into accessing a fraudulent YouTube page.
- Email Spoofing (T1530) – The email uses a misleading sender address not authorized by the domain’s SPF record.
- Social Engineering (T1551) – The email emphasizes urgency to compel recipients to act quickly without skepticism.
Indicator of Compromise :
- [Email Address] [email protected]
- [Email Address] [email protected]
- [IP Address] 173.195.100.155
- [Hashes] MD5: 22c3f4bdd48227f846774a0198291843
- [Hashes] SHA-1: 202de930ba98ca1371701e3b5c753250251ba1d5
Full Story: http://wezard4u.tistory.com/429391