Security News > 2021 > March > How phishing attacks evade traditional security defenses
A report issued on Tuesday by email security provider Armorblox looked at the tactics employed by three recent phishing campaigns and suggests ways to avoid these types of scams.
In each case, the emails were able to get past security defenses to end up in the inboxes of their targeted victims.
The page looks similar enough to the real Facebook login portal and conveys a sense of urgency so that some Facebook users may fill out the form without scrutinizing the URL. The phishing email in this attack got past both Cisco Email Security Appliance and Microsoft's Exchange Online Protection.
This Microsoft phishing email thwarted both Cisco E Email Security Appliance and Microsoft EOP. The email was assigned a Spam Confidence Level of -1 by Microsoft.
Clicking the link in the email had directed users to a phishing page hosted on Omnisend, an e-commerce email marketing and SMS platform.
The actual phishing email evaded the defenses of Symantec Advanced Threat Protection but got a Spam Confidence Level of 5 from Microsoft, which redirected it to the junk folders of recipients.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- iOS devices face twice the phishing attacks of Android (source)
- Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense (source)
- 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Skyhawk Security brings preemptive cloud app defense to RSAC 2025 (source)