Looks like cybercriminals have come up with yet another innovative means to distribute malware. Researchers at INKY, which provides tools to combat phishing attacks, have discovered that cybercriminals are now sending emails that come with fake attachments, known as phaxttachments. When recipients click on the attachment, they are actually clicking on a URL that takes them to a fake website where they are prompted to give up their credentials.
INKY CEO Dave Baggett said cybercriminals then use those credentials to compromise a raft of software-as-a-service (SaaS) applications.
Phaxttachments look so much like the real thing that it’s difficult for the average end user to distinguish between a real attachment and a fake one, Baggett said, noting the only way to effectively combat this threat is to rely more on algorithms that have been trained to look for phaxttachments. End user training is not likely to prove very effective at identifying phaxttachments; however, end users should be trained to not give up credentials simply because some website asks for them to access a file that appears to have come from a trusted source.
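As an added illustration (not INKY's algorithm and not code from the original article), a mail filter can apply a simple structural check: flag any link in the HTML body whose visible label or image alt text looks like a file name when the message carries no MIME attachment of that name. The extension list, the function names and the sample message are assumptions made for this example.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# Extensions a fake attachment chip might display (assumed list, extend as needed).
DOC_NAME = re.compile(r"[\w.()-]+\.(?:pdf|docx?|xlsx?|pptx?|zip)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible label) per <a>; img alt/title counts as label."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._label = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._label = a["href"], []
        elif tag == "img" and self._href is not None:
            self._label.append(a.get("alt") or a.get("title") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._label)))
            self._href = None

def find_fake_attachments(msg):
    """Return (shown_name, url) for links posing as files the message lacks."""
    real = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html" or part.is_attachment():
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, label in collector.links:
            m = DOC_NAME.search(label)
            if (m and href.lower().startswith(("http://", "https://"))
                    and m.group(0).lower() not in real):
                findings.append((m.group(0), href))
    return findings

def sample_message():
    """Constructed sample: the 'attachment' is a linked image, no MIME part."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content('<p>Please review.</p><a href="https://files.example.test/'
                    'login"><img src="chip.png" alt="Invoice_4471.pdf"></a>',
                    subtype="html")
    return msg
```

A hit from this check is a reason to quarantine or rewrite the link for inspection rather than proof of phishing, since legitimate file-sharing notifications also link to documents by name.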