Security News > 2020 > November > New tool lets attackers easily create reply-chain phishing emails
A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox.
Called "Email Appender," the tool can enable more sophisticated phishing and business email compromise attacks as well as help the less technical actors in the ransomware business.
While Email Appender's method is not new, it provides a much simpler way to inject emails in a thread, enabling less technical actors to run more sophisticated attacks.
If valid email credentials are on the list, the tool connects to the account through the Internet Message Access Protocol used to receive messages from a mail server.
With valid 'Sender' and 'From' fields, it is easy to bypass defenses and even trick a trained eye to deliver fraudulent messages and malware-laden emails that appear legitimate communication from a trusted sender.
News URL
Related news
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)