
Spear Phishing Attempts – August 8, 2021

Action
  • A confirmed phishing email is attempting to harvest credentials. Anyone who entered credentials, or is suspected of having entered credentials, needs to reset their password.
  • We strongly suggest that MFA be enabled for all Office 365 accounts.
  • Please provide the original email by saving it as a file and then double-zipping it.

Block the following domain
[tasteofjxn].[com]

Original Email Contains the Following Information

The Security Operation Center at iSecurity has detected an active phishing campaign coming from Health Unit. The email appears to be spoofed from the address sherri.st.jean@healthunit.ca, and various subsets are also observed.

The URLs below are actively trying to trick users into providing Office 365 credentials.

Subject: Health Unit

Sender: sherri.st.jean@healthunit.ca

Once the link is clicked, the following XLS spreadsheet is provided:

1. https://[airtable].[com]/shr63bIXvUndV98Ek/tbluBlPrdQJDDI66V

Redirection

This link redirects the user to the following URL:

1. https[:]//[tasteofjxn].[com]/[5]/[idunop]/

Various next-generation AV products actively block the URL (tested with Trend Micro and ESET).
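
To find the accounts covered by the password-reset action above, web proxy logs can be searched for requests to the blocked domain. The following Python example is added here and is not part of the original iSecurity advisory; the log format, the convention that the proxy answers 403 for blocked requests, the reading of an allowed POST as a possible credential submission, the sample users and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicator from the advisory, kept in its defanged notation.
BLOCKED_DOMAIN = "[tasteofjxn].[com]"
RANK = {"blocked": 0, "visited": 1, "submitted": 2}

def refang(text):
    """Strip defanging brackets: '[x].[com]' -> 'x.com', 'https[:]//' -> 'https://'."""
    return re.sub(r"\[([^\[\]]*)\]", r"\1", text)

def host_matches(url, domain):
    """Compare the parsed hostname so look-alike hosts are not substring matches."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(lines, defanged_domain=BLOCKED_DOMAIN):
    """Map each user to the most serious state seen for the blocked domain."""
    # Assumed log format: '<time> <user> <method> <url> <status>'.
    # Assumed proxy behaviour: status 403 means the request was blocked.
    domain = refang(defanged_domain).lower()
    worst = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not host_matches(parts[3], domain):
            continue
        user, method, status = parts[1], parts[2], parts[4]
        if status == "403":
            state = "blocked"
        else:
            state = "submitted" if method == "POST" else "visited"
        if user not in worst or RANK[state] > RANK[worst[user]]:
            worst[user] = state
    return worst

def needs_reset(result):
    """Users who reached the page unblocked: candidates for a password reset."""
    return sorted(u for u, s in result.items() if s != "blocked")

def sample_log():
    """Constructed sample lines; users, timestamps and status codes are made up."""
    d = refang(BLOCKED_DOMAIN)
    return [
        f"2021-08-08T09:14:09 alice GET https://{d}/5/idunop/ 200",
        f"2021-08-08T09:14:31 alice POST https://{d}/5/idunop/ 302",
        f"2021-08-08T09:20:45 bob GET https://{d.upper()}./5/idunop/ 403",
        f"2021-08-08T09:22:10 carol GET https://{d}.example.org/ 200",
        f"2021-08-08T09:25:00 dave GET https://www.{d}/ 200",
    ]
```

Calling needs_reset(triage(sample_log())) returns the users whose requests to the domain were not blocked; users marked "submitted" should be handled first.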


Lastly, to those who are leveraging our 24/7 Healthcare Security Operations Center (SOC) / SIEM, your network is being monitored and we will provide regular updates. To those who are not – please feel free to reach out to raheel.qureshi@isecurityconsulting.com or kees.pouw@isecurityconsulting.com and we will add you to our distribution list.

We will also provide updates to organizations we are servicing through our Incident Response Retainer.

Do not panic but stay safe and protected. We can always connect with you 1-on-1 to provide better guidance on how to gain better visibility into your controls, network, dark web, privileged user access protection and active threat hunting. The landscape around ransomware has evolved as the Healthcare sector is willing to pay ransom and malicious threat actors are now stronger than ever.

Please go ahead and share this with your peers.

For any other questions or concerns, please feel free to reach out to info@isecurityconsulting.com.

Best Regards,

The iSecurity Team