Perfora is the mail platform for 1&1 - probably the largest webhost in Europe.

They appear to provide outbound mail relays for their hosted servers instead of 
allowing all of them to send directly over SMTP.

--srs
________________________________
From: mailop <mailop-boun...@mailop.org> on behalf of Eric Henson via mailop 
<mailop@mailop.org>
Sent: Monday, August 10, 2020 11:41:26 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: [mailop] spearphishing


Slightly sanitized headers: https://pastebin.com/w2JJj8TJ

Email pretends to be a Microsoft voicemail, with an attachment that uses 
JavaScript to open a URLEncoded page.

Image of page for the more cautious: https://imgur.com/WOpva4Q

broken hyperlink for the more adventurous:

ttps://objectstorage.us-sanjose-1.oraclecloud.com/n/axcdfbfimho2/b/bucket-dreamland20200806-0427/o/index.html#u...@example.com

You can edit the email address at the end to be whatever you like.

Microsoft has started putting the emails in the “Junk” folder, but Barracuda 
just lets them right on through. I’m opening a case with Barracuda as to why 
they can’t catch this, but I’m open to suggestions on other activities I can do.

I’ve seen about a dozen of these, targeting 3 finance-related employees. All 
are routed through perfora.net, which apparently has an open relay? Anyone know 
anything about that domain? I’m putting in a rule to block anything that has 
perfora.net in the header.

--------

Eric Henson
Windows Server Team Manager
PFSweb, Inc.
m: 972.948.3424
www.pfsweb.com


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
