
BofA Phish Gets Around DMARC, Other Email Protections
2020-06-18 13:00

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn't done.

"This ensured that the email wasn't caught in the bulk email filters provided by native Microsoft email security or the Secure Email Gateway."

Anand told Threatpost, "We're working on identifying scope of impact outside of our customer base but campaigns like this in the past have been fairly broad in their attack scope since the content is generic enough to cut across organizations and industry verticals. Within our customer base, it was not a mass email but not a single email either. A few key VIPs or VAPs got the email."

The email they examined was able to get past common authentication checks, such as DMARC. DMARC is an industry standard that flags messages where the "From" field in an email header has been tampered with.

"Although the sender name - Bank of America - was impersonated, the email was sent from a personal Yahoo account via SendGrid. This resulted in the email successfully passing all authentication checks such as SPF, DKIM and DMARC," explained the researchers.
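The gap described above (a brand in the display name, an unrelated but fully authenticated address behind it) can be checked for on the receiving side. The following is an added example, not code from the article or the researchers; the `PROTECTED_BRANDS` allowlist and the sample message are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Assumption: a locally maintained map of protected display names to the
# domains that brand is expected to send from (illustrative, not authoritative).
PROTECTED_BRANDS = {"bank of america": {"bankofamerica.com"}}

# Constructed sample: brand in the display name, personal mailbox in the address,
# and a receiver-stamped Authentication-Results header showing all checks passing.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=pass; "
    "dkim=pass header.d=yahoo.com; dmarc=pass header.from=yahoo.com\n"
    'From: "Bank of America" <someone.example@yahoo.com>\n'
    "To: vip@example.org\n"
    "Subject: Update your email address\n"
    "\n"
    "Constructed body.\n"
)


def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {k.lower(): v.lower() for k, v in pairs}


def check_display_name(raw):
    """Flag a protected brand in the display name when the From domain is not the brand's."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    shown = " ".join(name.lower().split())  # normalise case and whitespace
    auth = auth_results(msg)
    brand_hit = None
    for brand, domains in PROTECTED_BRANDS.items():
        aligned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in shown and not aligned:
            brand_hit = brand
    return {
        "from_domain": domain,
        "auth_passed": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        "impersonated_brand": brand_hit,
    }


if __name__ == "__main__":
    print(check_display_name(SAMPLE))
```

A result with `auth_passed` true and `impersonated_brand` set is the combination the researchers describe: authentication vouches for the sending domain, not for the name shown to the recipient.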


News URL

https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections/156688/