In case you come across a suspicious Evernote notification in your inbox, act with caution since it might be part of a cybercriminal campaign designed to lure users to malicious websites.
According to Dynamoo’s Blog, the fake emails appear to come from email@example.com and they carry the subject line “Image has been sent.”
The emails look something like this:
“Image has been sent.
DSC_990341.jpg 33 Kbytes
Go To Evernote.
Copyright 2014 Evernote Corporation. All rights reserved”
The link doesn’t point to Evernote, but to one of many malicious websites set up to serve malware.
A list of the domains and IP addresses used by cybercriminals in this attack are available on Dynamoo’s Blog. The same group (RU:8080) is behind numerous spam runs, including ones that leverage the names of Pinterest, Dropbox, the BBB, and UPS.