Scammers have been found impersonating employees of a private equity firm in a new phishing campaign. They are posing as employees from firms like Crossplane Capital and Edgemont Partners to lure their victims.
How does the scam work?
Discovered by researchers from PhishLabs, the scam involves cybercriminals posing as either of the private equity firms and submitting non-disclosure agreements (NDA).
Adding a pinch of authenticity to evade
To make it less suspicious, the URL for NDA uses a recently registered domain that impersonates the domain of real Private Equity firms. The look-alike fake domains are:
All of these links redirect the victims to hxxps://serversecuredhttp[.]com.
The site poses as Box - which is a content management and collaboration site commonly used to share documents. It instructs the victim to login using their Office 365 account in order to download the document.
“The look-alike domain with the ‘s’ is used in the link to the facade document (not visible in the screenshot),” explained researchers.
Identifying the red flags
Organizations should follow the following action to safeguard themselves against active campaign: