Hello, welcome to the Friday, March 6th, 2020 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Sort of interesting fishing email today that Xavier is going over.

This one does not use of the typical trick where they find a random website, compromise it,

and then insert the fishing page.

Instead, they're using an existing service here, surveygismo.com, to launch their fishing

attack.

Surveygismo, like other similar websites, allows you to set up online surveys and they

just sort of create their fishing page

as a survey essentially and with that they hope to bypass some filters. On the other hand,

the page doesn't really look all that plausible I find, so not sure how many users

actually fall for this.

And talking about fishing mentioned yesterday, a coronavirus.

I just received an email that was not a fish that came from healthcare.gov,

but sort of had all the hallmarks of a phishing email.

So if you have users submitting emails as fishes

that contain a link to lnks.gd,

that apparently is the domain that the US government is now using

sort of as a short link, click-through count. I'm not really sure why they need

a short link for a link in an email, but either way makes the email look very suspicious.

And comment any users submitting it to you as a possible fish, because it really should not be a

link that anybody clicks on.

...