How phishing attacks evade traditional security defenses

2021-03-30 18:44

A report issued on Tuesday by email security provider Armorblox looked at the tactics employed by three recent phishing campaigns and suggests ways to avoid these types of scams.

In each case, the emails were able to get past security defenses to end up in the inboxes of their targeted victims.

The page looks similar enough to the real Facebook login portal and conveys a sense of urgency so that some Facebook users may fill out the form without scrutinizing the URL. The phishing email in this attack got past both Cisco Email Security Appliance and Microsoft's Exchange Online Protection.

This Microsoft phishing email thwarted both Cisco E Email Security Appliance and Microsoft EOP. The email was assigned a Spam Confidence Level of -1 by Microsoft.

Clicking the link in the email had directed users to a phishing page hosted on Omnisend, an e-commerce email marketing and SMS platform.

The actual phishing email evaded the defenses of Symantec Advanced Threat Protection but got a Spam Confidence Level of 5 from Microsoft, which redirected it to the junk folders of recipients.

News URL

https://www.techrepublic.com/article/how-phishing-attacks-evade-traditional-security-defenses/#ftag=RSS56d97e7

#attack #defense #phishing #security

News URL

Related news