Security News > 2020 > September > Phishing attack baits victims by promising access to quarantined emails
The goal is to concoct phishing emails and landing pages so convincing that they can fool even the most sharp-eyed user.
A new phishing campaign described by phishing awareness provider Cofense in a Friday blog post uses several tactics to appear legitimate.
As analyzed by the Cofense Phishing Defense Center, this phishing attack is directed toward employees within an organization.
The phishing emails have already gotten through different security email gateways and have targeted a variety of industries.
"With the advancement of phishing techniques, it's becoming more difficult to quickly detect. Obviously, if an email is promising you riches, a new car or worldwide fame, it's probably not legitimate. But, that same sense you get from something obvious will be piqued with advanced techniques as well. Anything that asks for credentials or tries to create urgency or, based on your experience with phishing simulations doesn't feel right, probably isn't. That extra few minutes is worth saving your organization from potential breach, ransomware attack, or other theft."
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- European companies hit with effective DocuSign-themed phishing emails (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)