Hello, welcome to the Wednesday, January 19th, 2020 edition of the Sands and it's Storms owners, Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

A good interesting fishing email today that Jan ran into now.

First, it's fairly standard.

It claims to be a fax received via a syrox scanner.

So often you have also seen this kind of lure being used for malware. In this case, however,

if you click on it, well, it redirects you to an Office 365 fishing page.

But what sort of made this email stand out more than the fact that it was sort of impersonating

that the Syrox scanner was that it actually also included an ad for Syrox.

Couple reasons for this.

First of all, I'm not familiar with this particular Syrox product.

They're impersonating here, but it's very possible that they do include ads like this,

so they're now just impersonating the complete email as it would show up from a legitimate source.

But it could also be a second way to essentially try to monetize

these phishing emails by adding some ads.

And well, maybe based on keywords in the email,

this was the ad, the ad network delivered for this particular email.

In general, this looked sort of like a fairly unsophisticated copy-paste job when it comes

to the phishing page.

They actually didn't get some of the JavaScript right and such to actually make it work

properly.

...