Credit Resources Vault: Why this credit email set off our scam alarms

Key Points:

• A suspicious email promoting "Credit Resources Vault" was flagged by Malwarebytes Scam Guard, raising concerns about potential phishing and data collection tactics.
• The email, originating from the domain cosmosshift.org, solicits sensitive personal and banking information under the guise of a credit eligibility check, targeting financially vulnerable individuals.
• Analysts recommend users avoid engaging with such emails, verify the legitimacy of financial services before sharing personal data, and utilize security tools to monitor for potential scams.

Technical Details: The email directs recipients to a website (yourcreditvault.com) that collects extensive personal information, including banking details and signatures. The site employs obfuscation techniques to conceal data transmission paths.

MITRE ATT&CK Techniques:

• T1566 - Phishing (Initial Access)
• T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)

IOCs Mentioned:

• cosmosshift.org
• yourcreditvault.com
• yourscore.ca
• creditresources.ca
• debtlesscredit.com