Email Security Blog

What's Hiding Under the Table? A New Microsoft Phishing Scam

Hiding under the table might sound like child’s play, but to those fighting cybercrime and email phishing scams, it’s recently taken on a much darker meaning.

Camouflaged Phish

In the ocean, select species of fish have the ability or blend into their surroundings. It’s how they survive. Oddly, when it comes to email phishing, the objectives are the same. Every hacker, black hat, phisher, and cybercriminal share the common goal of creating a phish that seamlessly blends into the background so that it can swim through cloud security, secure email gateways (SEGs), and even some of the best email security services in order to land in the inbox of an unsuspecting employee.

Setting the Table

Did you know that email security programs don’t analyze content that comes in the form of a table? The reasoning is simple – tables have never been known to pose a threat or been used in phishing scams. Until now.

Enter the savvy cybercriminal.

Some pretty savvy phishers figured out that not only are tables easy to get through email phishing protection platforms, but you can also hide malicious links and text inside of them to create a new form of hard-to-detect phishing scams. Though the biggest “Aha!” moment for phishers likely came when they tied this flaw in the system with the shape of a popular logo.

In 2012, when Microsoft last updated its logo, chances are good that the company wasn’t thinking about potential email phishing scams. What’s more, the designers probably didn’t know that in eight short years Microsoft would be the most phished brand in the world. Had this intel been available, perhaps the multinational technology company would have created a logo that was a little harder to replicate then four colored squares (a.k.a. a table).

Come ‘N Get It!

After setting the table (that is, designing a malicious table disguised as a Microsoft logo), phishers began luring would-be victims to take the bait. Disguised as password expiration emails, important SharePoint files to download, fake voicemail notifications, and more, hackers began unleashing malicious email phishing scams designed to steal valuable data, revenue, and credentials.

Turning the Tables on Email Phishing

This new embedded table phishing tactic is a form of brand impersonation that other email phishing solutions just can’t detect. INKY, however, sees everything. Using computer vision, artificial intelligence, and machine learning, INKY delivers a relentlessly effective level of security, capable of detecting and stopping phishing threats and similar cybercrimes before any employee falls for them. INKY’s ingenuity is unlike other email security platforms. INKY sees things the way humans do, recognizing logos, brand colors, email signatures, and more — but it also sees the millions of things humans can’t, including tables embedded with dangerous links and attachments.

In an era where email phishing solutions are not equipped to detect unique HTML phishing threats, INKY proved, once again, to be an unstoppable force in the war against phishing. If you’re curious to know how INKY uncovered this well-disguised phishing scam, you may enjoy reviewing the email security report entitled, “The Microsoft Table Logo Impersonation Scam”.

Microsoft Table Logo Scam - social

Last year, cybercrime cost America more than $4 billion – the majority of which was a result of an undetected phishing threat.1 If you’re ready to get the email phishing protection your company needs, now is a great time to schedule a free INKY demonstration.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

1Source: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

Topics: