🚨 Phishing Campaign Alert – Targeting Business Emails

Today, I received a well-crafted phishing email on my personal mailbox targeting contact@alichisom.com.

The email claimed:

“Incoming Messages For (contact@alichisom.com ) On Hold”
“You have incoming messages pending on alichisom.com mail server. Release emails to your mailbox.”

It included a “Release Mail” button — designed to create urgency and trigger immediate action.

After analyzing it, the button redirected to the following phishing domain:

Technical Red Flags Observed:

Suspicious Subdomain Abuse

The attacker abused a cloudworkstations.dev subdomain to host a fake login page. This is a common tactic because such domains often inherit trust from legitimate cloud infrastructure.

Credential Harvesting Page 

The landing page displayed:

• A branded login interface with my domain name
• “Previous session expired, login to continue”
• Email field pre-filled with my address
• Password prompt + “Next” button
• Fake “I am not a robot” verification page

This is classic credential harvesting behavior.

Psychological Manipulation

• Fear of missing emails
• Administrative tone
• Minimal design to reduce suspicion
• Pre-filled email to increase legitimacy

Why This Matters

Attackers are increasingly using:

• Legitimate cloud hosting platforms
• Auto-generated subdomains
• Realistic login templates
• CAPTCHA simulations

These campaigns bypass basic spam filters and rely heavily on social engineering, not malware.

Security Takeaways

✔ Always inspect the full URL before logging in
✔ Be suspicious of “urgent mailbox release” emails
✔ Check sender domain carefully (spoofing is common)
✔ Use MFA on all business emails
✔ Report and block phishing domains immediately

As cybersecurity professionals, we must continuously educate users and organizations about evolving phishing tactics.

This was a reminder that even security professionals are targets — and vigilance is non-negotiable.

Stay safe. Stay aware.

— Ali Chisom
System Administrator | Cybersecurity