Malicious actors used a new technique in a phishing campaign built around fake certificate errors: they scraped real certificate data for the target's domain and included it in the attack email.
Inside the Fake Certificate Error
In the middle of April, the Zix | AppRiver team detected an email that masqueraded as a “Let’s Encrypt Error Prevention” message.
The email arrived with a personalized subject line that included the name of a domain owned by the recipient. It then informed the recipient that Let’s Encrypt had automatically detected an issue with their R3 digital certificate, specifically a “conflict in SSL/TLS certificate signature algorithm.”
To add a sense of legitimacy to its claim, the attack email pulled real certificate data and the DNS A-record to tailor the phishing message to the recipient’s domain.
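Because the certificate data and A-record in the lure are genuine, a defender cannot use their accuracy to spot the fraud; what does give it away is who sent the message and where its links lead. The triage check below is an added example, not code from Zix | AppRiver, run over two constructed messages modelled on the lure described above. It assumes that only mail from letsencrypt.org (or a subdomain) may legitimately speak for Let's Encrypt.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure described in the post; not a real captured message.
SAMPLE_LURE = """\
From: Let's Encrypt <support@example-mailer.test>
To: admin@victim-domain.test
Subject: Let's Encrypt Error Prevention - victim-domain.test

We automatically detected an issue with the R3 certificate for victim-domain.test
(A record 203.0.113.10): conflict in SSL/TLS certificate signature algorithm.
Resolve it here: https://cert-fix.example.test/renew?d=victim-domain.test
"""

# Constructed benign sample for contrast: a plain reminder with no action link.
SAMPLE_BENIGN = """\
From: Let's Encrypt Expiry Bot <expiry@letsencrypt.org>
To: admin@victim-domain.test
Subject: Let's Encrypt certificate expiration notice for victim-domain.test

Your certificate will expire in 19 days. Renew it with your ACME client.
"""

# Assumption: only letsencrypt.org and its subdomains may send mail on Let's Encrypt's behalf.
TRUSTED_DOMAINS = ("letsencrypt.org",)
# Lure markers taken from the campaign described above.
LURE_PATTERNS = {
    "error prevention": re.compile(r"error prevention", re.I),
    "R3 certificate": re.compile(r"\bR3\b"),
    "signature algorithm conflict": re.compile(r"signature algorithm", re.I),
}

def is_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def analyze(raw: str) -> dict:
    """Flag mail that claims to be Let's Encrypt but comes from, or links to, an untrusted domain."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = f"{subject}\n{body}"
    claims_le = re.search(r"let[’']s encrypt", text, re.I) is not None
    markers = [name for name, pat in LURE_PATTERNS.items() if pat.search(text)]
    hosts = {urlparse(u).hostname for u in re.findall(r'https?://[^\s<>"]+', body)}
    foreign_links = sorted(h for h in hosts if h and not is_trusted(h))
    suspicious = claims_le and (not is_trusted(sender_domain) or bool(foreign_links)) and bool(markers or foreign_links)
    return {"sender_domain": sender_domain, "markers": markers,
            "foreign_links": foreign_links, "suspicious": suspicious}

if __name__ == "__main__":
    print(analyze(SAMPLE_LURE))   # suspicious: sender and link are outside letsencrypt.org
    print(analyze(SAMPLE_BENIGN)) # not suspicious
```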