Inky has reported a new phishing attack designed to confuse Secure Email Gateways (SEG). The attack is using hidden text to stop the SEG rejecting the email as fraudulent. It is also taking advantage of the Unicode Soft Hyphen feature to hide the displayed text from the SEG engine. The result is that the email is delivered to the user, looks like a legitimate email and is likely to be successful at harvesting user credentials.
Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report.
We’re used to hackers slipping malicious links and attachments into phishing emails. That doesn’t mean there aren’t the occasional slip-ups that result in malware infections, but for the most part, cyber-savvy users recognize the tricks used to fool them.
Initially targeting Zoom users; the phishing scam aims for Outlook and Office365 credentials. As the digital world deals with the added responsibility of hosting more and more meetings online, popular video conferencing apps like Zoom and Microsoft Teams have increasingly come under fire from cybercriminals.
'Impersonating sites of reputable organizations has become super-easy,' says Dave Baggett, Co-Founder and CEO of INKY Cybercriminals are exploiting the COVID-19 pandemic to hook unsuspecting people curious for information on the crisis. They are bombarded with fabricated new work from home policies or fake layoff/furlough notifications. The Internet Crime Complaint Center (IC3), the online crime reporting mechanism of the Federal Bureau of Investigation (FBI), has seen the frequency of complaints shoot up since the beginning of the pandemic. According to reports, the number of complaints has tripled or quadrupled. Origin of The Perpetrators According to several reports and social media, most of these attacks are executed by criminals in Russia, China, or North Korea. However, INKY, a cloud-based cybersecurity company, has a totally different view. Its latest report traces most phishing attacks to the US. Dave Baggett, Co-Founder and CEO of INKY, says a large number of IP addresses tracked in the phishing email headers originated from somewhere in the US. Asked why the US figures so prominently in the phishing attack ecosystem, Dave claimed: "The majority of our users are American. Phishers prefer to target victims within their own geography because it's more natural to research and impersonate since it's the same culture and language. Non-American attackers also spoof a USA origin to evade geographical filters." In an exclusive interview with the International Business Times, the INKY co-founder and CEO gives his detailed take on the attacks. Excerpts from the interview: IBT: What are the new trends you have observed recently in the phishing world? Dave: Malicious HTM or HTML attachments that build credential harvesting sites on a victim's local network. Bad actors get stolen credentials directly emailed to them if the victim uses it. We have also observed dynamic algorithms that impersonate the recipient's domain in a phishing email. IBT: How easy is it for someone to execute an attack of this nature? Dave: Executing a phishing attack is easier than you can think. Anybody could buy a cheap confusable domain name and some hosting space to execute an attack. And impersonating sites of any reputable organizations have become super-easy. Anyone can just download real company logos, trademarks, copyrights, and HTML/CSS codes from the internet and add them on a site to imitate.
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States. COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybercriminals have tried to push all kinds of scams to the masses using coronavirus-related topics, headers and organizations to get people to open malicious emails, files, or links. Complaints about phishing attacks have tripled since the concerns about COVID-19 became widespread, according to the FBI's Internet Crime Complaint Center. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States. Dave Baggett, CEO of INKY, acknowledged that these IP addresses might be easily spoofed by more skilled attackers but explained that there were a number of reasons most attackers would be in the US. "The majority of our users are American. Phishers prefer to target victims within their own geography because it's easier to research and impersonate since it's the same culture and language," he said in an email interview, adding that non-American attackers may also want to spoof a US origin to evade geographical filters.
Scammers have been sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams.
Phishing emails and their associated websites often impersonate well-known organizations, brands, businesses, and other familiar subjects to try to trap potential victims. They can spoof banks and financial establishments, hospitals and healthcare groups, and even one's own employer. A series of recent phishing emails examined by INKY targeted people curious or anxious about COVID-19 by impersonating the White House and some in the administration.
Inbound Mail Protection
Block impersonations and coach users against phishing.
Learn more
Outbound Mail Protection
Prevent high risk data loss before it can get out the door.
Learn more
Internal Mail Protection
Protect against attacks that come from within.
Learn more
Email Encryption
Guard sensitive data with fast and simple encryption.
Learn more
Advanced Attachment Analysis
Detect deeply hidden malware from inbound attachments.
Learn more
Graymail Protection
Boost productivity by filtering out bulk email.
Learn more
Security Awareness Training
Educate employees with phishing simulation and videos.
Learn more
Email Signatures
Control signatures for compliance and branding.
Learn more
DMARC Monitoring
Monitordomain usage to improve email delivery.
Learn more
Archiving
Protect, recover, and ensure compliance for critical data.
Learn more
