Security News > 2020 > September > Phishing attack baits victims by promising access to quarantined emails
The goal is to concoct phishing emails and landing pages so convincing that they can fool even the most sharp-eyed user.
A new phishing campaign described by phishing awareness provider Cofense in a Friday blog post uses several tactics to appear legitimate.
As analyzed by the Cofense Phishing Defense Center, this phishing attack is directed toward employees within an organization.
The phishing emails have already gotten through different security email gateways and have targeted a variety of industries.
"With the advancement of phishing techniques, it's becoming more difficult to quickly detect. Obviously, if an email is promising you riches, a new car or worldwide fame, it's probably not legitimate. But, that same sense you get from something obvious will be piqued with advanced techniques as well. Anything that asks for credentials or tries to create urgency or, based on your experience with phishing simulations doesn't feel right, probably isn't. That extra few minutes is worth saving your organization from potential breach, ransomware attack, or other theft."
News URL
Related news
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)
- iOS devices face twice the phishing attacks of Android (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Phishing emails delivering infostealers surge 84% (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)