This week has produced some interesting phishing campaigns, with attackers devising new and innovative methods to bait users and make their campaigns look more legitimate. We work tirelessly to discover the latest phishing techniques so that we can brief our clients and create realistic phishing campaigns that lure our clients' staff into taking the bait. The pieces below are derived from Internet research and from the output of our own investigations and research.


Office 365 Phishing Campaign Exploits Legitimate Domains 

With the huge increase in the usage of Office 365 coupled with some of the deployments being made in haste, there has been a bit of a feeding frenzy from numerous phishing campaigners.

One clever campaign discovered by Check Point Research was found to use legitimate domains, coupled with legitimate Adobe Campaign redirection and Oxford University email addresses as the source. It all started with the fake missed voice message emails that I'm sure most of us received. The Check Point Research article is really well written and worth a read. More Info...


reCAPTCHA - I am not a robot

Microsoft Security Intelligence have reported that a threat actor is cleverly using CAPTCHA to avoid automated analysis of their malware-infested websites. More Info... I imagine it might also add a degree of legitimacy for human visitors. Ars Technica have a good article about it here: More Info...


Bypassing Email Defences of SPF, DKIM and DMARC

Anand Chetan of Armorblox reports on how a recent Bank of America phishing campaign used simplicity and authenticity to bypass the usual security measures. The email was well crafted and intended for receipt by just a few users. Although the sender name was impersonated, the email address was a legitimate Yahoo address and therefore passed the usual checks. The phishing domain was also legitimate, having been created a few days prior, and was not yet identified as rogue.

More Info ....
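A defender-side check for the pattern described above, as an added example that is not taken from the Armorblox report or from our own tooling: it flags a message whose display name claims a brand while the address belongs to another domain, and records whether SPF, DKIM and DMARC still passed. The `BRAND_DOMAINS` table, the `mx.example.net` receiver and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumption: brands your users see impersonated, mapped to the domains each
# brand really sends from. This table is hypothetical; maintain your own.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def auth_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(str(header)):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def brand_mismatch(raw):
    """Flag a display name that claims a brand while the address belongs to
    another domain. Passing SPF/DKIM/DMARC does not clear the message."""
    msg = message_from_string(raw, policy=policy.default)
    sender_header = msg["From"]
    if sender_header is None or not sender_header.addresses:
        return None
    sender = sender_header.addresses[0]
    name, domain = sender.display_name.lower(), sender.domain.lower()
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name and not owned:
            v = auth_verdicts(msg)
            passed = all(v.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
            return {"brand": brand, "from_domain": domain, "authenticated": passed}
    return None


# Constructed sample: impersonated display name, real freemail address.
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=yahoo.com;"
    " dkim=pass header.d=yahoo.com; dmarc=pass header.from=yahoo.com\n"
    'From: "Bank of America" <constructed.sender@yahoo.com>\n'
    "Subject: constructed sample\n\nbody\n"
)
GENUINE = SPOOFED.replace("yahoo.com", "bankofamerica.com")

if __name__ == "__main__":
    print(brand_mismatch(SPOOFED))
    print(brand_mismatch(GENUINE))
```

A finding with `authenticated` set to true is the case this campaign relied on: the authentication checks vouch for the Yahoo domain, not for the brand named in the display name.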


Covid-19 Phishing Trends

Help Net Security have released an interesting article following a report by Abnormal Security on the trends they have noticed during the current pandemic: an initial increase of 436%, which later reduced to an average increase of 173%, which is still significant. They also report on "...a shift from individual to group BEC attacks, with campaigns with more than 10 recipients up 27% compared to Q4 2019. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%...." More Info...

 

Some Other Phishing Highlights This Week

Furloughed workers and the dormant phishing threat. A concern was raised this week that once furloughed workers open their inboxes after several months of build-up, they may be more likely to open phishing emails in their haste to catch up.

North Korea BEC Scams. At the ESET Virtual World Security Conference, ESET researcher Jean-Ian Boutin disclosed that the North Korean Lazarus Group are attempting to steal money from targets they initially breached for espionage.

Covid-19 Themed Campaigns Down. The Microsoft Threat Protection Intelligence Team report that the Covid-19 themed campaigns are significantly down on the March peak. More Info...




