Phishers using Zix to “legitimize” emails in the eyes of Office 365 users

2021-05-12 10:30

Abnormal Security removed the blog post after receiving legal notice from Zix.

Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

The report noted that the attack was sent using the secure email system Zix, which lends an air of credibility to the attack because Zix should ostensibly be verifying that the link isn't malicious.

This is incorrect as the attacks were sent from a compromised Office 365 account, not "Using" a Zix product.

Authentic Title, LLC who owns the compromised O365 account is not a Zix customer.

The blog noted "As the header and footer of the message suggest, this link takes the message recipient to an official Zix authentication site that checks the link for safety." From what we observed, the email in the phishing campaign email sent by the compromised O365 account: did not include a link having zixcentral.com in the URL; and did not include a header or footer identifying Zix.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/NeWwtiGGYaU/

#email #office #office365 #phisher