Security News > 2021 > September > 3 tips to protect your users against credential phishing attacks
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
A successful phishing email that obtains the right username and password can gain access to an entire network.
Hitting users of Microsoft 365, Microsoft Exchange and Google Workspace, the phishing emails wound up in around 75,000 mailboxes.
By spoofing an email encryption service like Zix, the phishing email was designed to create a sense of security.
The phishing emails described here snuck past the security built into Microsoft 365, Google Workspace, Microsoft Exchange and Cisco ESA, according to Armorblox.
For stronger protection against email attacks and credential phishing attacks, you need to augment your built-in email security with additional layers that take a different approach.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)