HTML/Paylap.JY!phish

Analysis

  • This detection is for a phishing mail disguising itself as an official notification from PayPal.

  • It contains the following sample message (reproduced with the original mail's spelling, including its typos):
    "If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity. .........."
    "If you choose to ignore our request, you leave us no choise but to temporaly suspend your account."

  • The spammed mail contains a URL pointing to http://www.e - n v b . c o m/.ws.xcgiundefined3fF6=1/webscrcmd1.php (domain spaced out here to keep it from being clickable), which hosts the page used to harvest the user's personal information.

  • Below is a sample screenshot of the spammed mail:
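As an added illustration (not part of the FortiGuard entry), a small Python triage script that checks a message for the traits this analysis describes: a PayPal claim in the sender name, subject or body, links whose host is outside the genuine domain, and the urgency phrasing quoted above. The sample mail, its sender domain and the link host are constructed placeholders, and the allow-list of genuine domains is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases taken from the sample text quoted in the analysis (typos preserved there).
URGENCY_PATTERNS = [
    r"verify your identity",
    r"suspend your account",
    r"click the link below",
]

# Assumption: the only domains a genuine PayPal notification would link to or send from.
LEGIT_DOMAINS = ("paypal.com",)

# Constructed sample mail; sender domain and link host are placeholders (.invalid TLD).
SAMPLE = """\
From: PayPal Service <service@notify.paypa1-security.invalid>
Subject: Your account has been limited
Content-Type: text/plain

If you are the rightful holder of the account you must click the link below and then
complete all steps from the following page as we try to verify your identity.
http://www.example-phish.invalid/webscrcmd1.php
If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.
"""

def extract_urls(text: str) -> list[str]:
    return re.findall(r"""https?://[^\s"'<>]+""", text)

def host_is_legit(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def _text_body(msg) -> str:
    # Collect text/plain parts; a non-multipart message is its own single part.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")

def score_message(raw: str) -> dict:
    msg = message_from_string(raw)
    body = _text_body(msg)
    display, addr = parseaddr(msg.get("From", ""))
    claims_paypal = "paypal" in (display + msg.get("Subject", "") + body).lower()
    # Sender domain checked the same way as link hosts.
    sender_mismatch = claims_paypal and not host_is_legit("http://" + addr.rsplit("@", 1)[-1])
    foreign_urls = [u for u in extract_urls(body) if not host_is_legit(u)]
    phrases = [p for p in URGENCY_PATTERNS if re.search(p, body, re.I)]
    suspicious = claims_paypal and (sender_mismatch or bool(foreign_urls)) and bool(phrases)
    return {"claims_paypal": claims_paypal, "sender_mismatch": sender_mismatch,
            "foreign_urls": foreign_urls, "urgency_phrases": phrases, "suspicious": suspicious}
```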

Recommended Action

  • FortiGate systems:
    Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option.

  • FortiClient systems:
    Quarantine/delete infected files detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

    FortiClient: Extreme
    FortiMail: Extreme
    FortiSandbox: Extreme
    FortiWeb: Extreme
    Web Application Firewall: Extreme
    FortiIsolator: Extreme
    FortiDeceptor: Extreme
    FortiEDR