Scammers Running Phishing Scam with Tennessee Government Email ID
It is easy to hack a domain and set up scams for visitors, but using a government email address to run a phishing campaign is a bit odd.
Recently, I received an email which of course went straight to spam. I wouldn’t care if it was a random email but, in fact, it was from a State of Tennessee-based email address.
The email ID is Darlene.Kirk@tn.gov and belongs to Darlene Kirk, a Carroll County clerk at the Department of Motor Vehicles. It is unclear if the email is hacked or someone is using it to get people onto the phishing site.
Here’s a complete analysis of this phishing campaign:
The email comes from the “Darlene.Kirk@tn.gov” email ID (from a Tennessee IP address: 170.141.166.33) with the subject: “Helpdesk & Support Updates.” The email content reports the detection of unusual sign-in activity and warns users that their webmail account has been violated from the IP address 59.69.159.72, which goes back to the ISP “China Education and Research Network Center” in Nanyang city.
The email further asks the user to click the link below to confirm their location.
Upon clicking the link, the user is directed to a Netherlands-based domain (hansidmar.nl/onleech.me/index.php) which is probably hacked to run this phishing scam. The link opens an Outlook login page asking users to enter their username and password.
If you are using Google Chrome, the good news is that it already prevents users from accessing the site and has listed it as a phishing scam.
If you are using the Safari browser, it shows that the phishing page has been deleted from the site. Either way, it is a win-win situation.
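The indicators walked through above (claimed sender domain, sending IP, the IP quoted in the body, and the host behind the link) can be pulled out of a raw message mechanically and compared. The Python below is an added example, not part of the original article; the sample message is constructed from the values quoted above, and its header layout, body wording, example.invalid hosts and http:// scheme are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample. Only the sender, subject, both IPs and the link path come
# from the article; header layout, body wording, example.invalid hosts and the
# http:// scheme are assumptions made for this example.
SAMPLE = """\
Received: from mail.example.invalid ([170.141.166.33]) by mx.example.invalid
From: Darlene.Kirk@tn.gov
To: reader@example.invalid
Subject: Helpdesk & Support Updates

Unusual sign-in activity was detected from IP address 59.69.159.72.
Click here to confirm your location: http://hansidmar.nl/onleech.me/index.php
"""

IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d)")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def valid_ips(text):
    """Return dotted-quad strings in text that parse as real IPv4 addresses."""
    out = []
    for cand in IPV4_RE.findall(text):
        try:
            ipaddress.IPv4Address(cand)
            out.append(cand)
        except ValueError:
            pass  # e.g. 999.1.1.1 looks like an IP but is not one
    return out

def base_domain(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def triage(raw):
    """Extract indicators from a single-part plain-text message."""
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    hops = msg.get_all("Received") or []
    body = "" if msg.is_multipart() else msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    return {
        "sender_domain": sender,
        # Bottom-most Received header is the hop closest to the sender.
        "relay_ips": valid_ips(hops[-1]) if hops else [],
        "body_ips": valid_ips(body),
        # Links whose host is outside the domain the mail claims to come from.
        "mismatched_links": [h for h in hosts if base_domain(h) != sender],
    }
```

A non-empty mismatched_links list on a message that asks for a login is the signal worth escalating; the relay and body IPs are what you would then look up or hand to your mail team.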
This phishing scam is history; however, there are thousands of scams very much active and stealing login credentials from users around the world. HackRead believes in online security and urges readers to keep themselves safe from such scams. In case you have been scammed or know about an ongoing scam, email right now at waqas@hackread.com.