Over the past few days, I’ve noticed a variety of malicious emails with different styles. All of these emails use the lure URL link.shoppermeet[.]net.
Link attempts to redirect users to a Microsoft 365 phishing page for credential harvesting. The threat actor even tries to include company images and logos to make the email appear more legitimate.
#ThreatIntel
Fellows /
npub1x6…0qtcd
2025-02-14 15:49:47
Author Public Key
npub1x6rdj7gu3magc9j29a042njygsjx9hg3husmk45sjf9n7rhx85fqs0qtcdPublished at
2025-02-14 15:49:47Event JSON
{
"id": "2711267d3f6fcbd1f24fa28ea85a811c5bf4c0137d0cdf4bad70025a99cf1ceb",
"pubkey": "3686d9791c8efa8c164a2f5f554e44442462dd11bf21bb5690924b3f0ee63d12",
"created_at": 1739548187,
"kind": 1,
"tags": [
[
"proxy",
"https://cyberplace.social/@fellows/114003030044047142",
"web"
],
[
"t",
"threatintel"
],
[
"proxy",
"https://cyberplace.social/users/fellows/statuses/114003030044047142",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://cyberplace.social/users/fellows/statuses/114003030044047142",
"pink.momostr"
],
[
"-"
]
],
"content": "Over the past few days, I’ve noticed a variety of malicious emails with different styles. All of these emails use the lure URL link.shoppermeet[.]net.\n\nLink attempts to redirect users to a Microsoft 365 phishing page for credential harvesting. The threat actor even tries to include company images and logos to make the email appear more legitimate. \n\n#ThreatIntel",
"sig": "60aa71f86eb88bc03e191d1b17836a75cb44fe2dece9127e5a26864cd50fcfde2fff4b22e008528c882c9dc7212930f458307b715a91c567caa0655131b81340"
}