Avanan reports an ongoing business email compromise (BEC) fraud scheme leveraging the automated mailing service provided by Genially (genial.ly).
The social engineering scheme is particularly effective because the email originates from the intended legitimate source, namely the genial.ly domain. The email directs the user to a Genially creation page, just as a regular Genially email would. The email looks perfectly legitimate because its origin and content are technically legitimate. Redirection to a malicious site occurs only after landing on the creation page, when the user is prompted to click on an image.
The malicious page appears to be a typical phishing page with the ability to capture corporate login credentials.
As a proactive measure, organizations may review email proxy logs to identify unusual emails from genial.ly (default address: no-reply@genial.ly), particularly if this tool is not typically used within the organization.
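One way to run the log review described above, as an added example that is not part of the original advisory. It assumes the mail logs can be exported as CSV with `timestamp`, `sender`, `recipient` and `subject` columns; the column names, the sample rows and the `expected_recipients` allow-list of known Genially users are all constructed for illustration.

```python
import csv
import io
from collections import Counter
from email.utils import parseaddr

WATCH_DOMAIN = "genial.ly"  # sending domain named in the advisory

# Constructed sample export; the column names are an assumption, not a real product's schema.
SAMPLE_LOG = """timestamp,sender,recipient,subject
2024-01-08T09:12:44Z,Genially <no-reply@genial.ly>,a.lopez@corp.example,Shared document
2024-01-08T09:13:02Z,no-reply@genial.ly,design@corp.example,Your weekly summary
2024-01-08T09:15:30Z,NO-REPLY@GENIAL.LY,finance@corp.example,Invoice for review
2024-01-08T09:16:11Z,alerts@mail.genial.ly,finance@corp.example,Reminder
2024-01-08T09:20:05Z,no-reply@notgenial.ly,b.chen@corp.example,Hello
2024-01-08T09:21:40Z,news@genial.ly.example.net,b.chen@corp.example,Update
"""


def sender_domain(raw_sender):
    """Return the lower-cased domain of a sender field, with or without a display name."""
    _, addr = parseaddr(raw_sender)
    return addr.rpartition("@")[2].lower()


def is_watched(domain, watch=WATCH_DOMAIN):
    """Match the domain itself or a subdomain, not lookalikes that merely contain it."""
    return domain == watch or domain.endswith("." + watch)


def flag_genially_mail(log_text, expected_recipients=frozenset()):
    """Return rows sent from the watched domain to recipients not known to use the tool."""
    expected = {r.lower() for r in expected_recipients}
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        recipient = row["recipient"].strip().lower()
        if is_watched(sender_domain(row["sender"])) and recipient not in expected:
            hits.append(row)
    return hits


def hits_per_recipient(hits):
    """Count flagged messages per recipient to prioritise follow-up."""
    return Counter(row["recipient"].strip().lower() for row in hits)


if __name__ == "__main__":
    flagged = flag_genially_mail(SAMPLE_LOG, expected_recipients={"design@corp.example"})
    for recipient, count in hits_per_recipient(flagged).most_common():
        print(f"{recipient}: {count} message(s) from {WATCH_DOMAIN}")
```

Leaving `expected_recipients` empty flags every message from the domain, which fits an organization that does not use Genially at all.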