Source: www.healthitsecurity.com A new phishing campaign has been spotted in the wild using hidden text, or what’s known as zero font, to bypass email security controls and deliver malicious emails to the user, according to a recent report from Inky Technology.
Video conferencing tech has been a lifeline for businesses, helping them sustain operations and communications amid the surreal events of 2020. But this sudden reliance was a vulnerability that some were ready to exploit.
Inky has reported a new phishing attack designed to confuse Secure Email Gateways (SEG). The attack is using hidden text to stop the SEG rejecting the email as fraudulent. It is also taking advantage of the Unicode Soft Hyphen feature to hide the displayed text from the SEG engine. The result is that the email is delivered to the user, looks like a legitimate email and is likely to be successful at harvesting user credentials.
We’re used to hackers slipping malicious links and attachments into phishing emails. That doesn’t mean there aren’t the occasional slip-ups that result in malware infections, but for the most part, cyber-savvy users recognize the tricks used to fool them.
Initially targeting Zoom users; the phishing scam aims for Outlook and Office365 credentials. As the digital world deals with the added responsibility of hosting more and more meetings online, popular video conferencing apps like Zoom and Microsoft Teams have increasingly come under fire from cybercriminals.
'Impersonating sites of reputable organizations has become super-easy,' says Dave Baggett, Co-Founder and CEO of INKY Cybercriminals are exploiting the COVID-19 pandemic to hook unsuspecting people curious for information on the crisis. They are bombarded with fabricated new work from home policies or fake layoff/furlough notifications. The Internet Crime Complaint Center (IC3), the online crime reporting mechanism of the Federal Bureau of Investigation (FBI), has seen the frequency of complaints shoot up since the beginning of the pandemic. According to reports, the number of complaints has tripled or quadrupled. Origin of The Perpetrators According to several reports and social media, most of these attacks are executed by criminals in Russia, China, or North Korea. However, INKY, a cloud-based cybersecurity company, has a totally different view. Its latest report traces most phishing attacks to the US. Dave Baggett, Co-Founder and CEO of INKY, says a large number of IP addresses tracked in the phishing email headers originated from somewhere in the US. Asked why the US figures so prominently in the phishing attack ecosystem, Dave claimed: "The majority of our users are American. Phishers prefer to target victims within their own geography because it's more natural to research and impersonate since it's the same culture and language. Non-American attackers also spoof a USA origin to evade geographical filters." In an exclusive interview with the International Business Times, the INKY co-founder and CEO gives his detailed take on the attacks. Excerpts from the interview: IBT: What are the new trends you have observed recently in the phishing world? Dave: Malicious HTM or HTML attachments that build credential harvesting sites on a victim's local network. Bad actors get stolen credentials directly emailed to them if the victim uses it. We have also observed dynamic algorithms that impersonate the recipient's domain in a phishing email. IBT: How easy is it for someone to execute an attack of this nature? Dave: Executing a phishing attack is easier than you can think. Anybody could buy a cheap confusable domain name and some hosting space to execute an attack. And impersonating sites of any reputable organizations have become super-easy. Anyone can just download real company logos, trademarks, copyrights, and HTML/CSS codes from the internet and add them on a site to imitate.
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States. COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybercriminals have tried to push all kinds of scams to the masses using coronavirus-related topics, headers and organizations to get people to open malicious emails, files, or links. Complaints about phishing attacks have tripled since the concerns about COVID-19 became widespread, according to the FBI's Internet Crime Complaint Center. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States. Dave Baggett, CEO of INKY, acknowledged that these IP addresses might be easily spoofed by more skilled attackers but explained that there were a number of reasons most attackers would be in the US. "The majority of our users are American. Phishers prefer to target victims within their own geography because it's easier to research and impersonate since it's the same culture and language," he said in an email interview, adding that non-American attackers may also want to spoof a US origin to evade geographical filters.