Security News > 2021 > September > 3 tips to protect your users against credential phishing attacks
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
A successful phishing email that obtains the right username and password can gain access to an entire network.
Hitting users of Microsoft 365, Microsoft Exchange and Google Workspace, the phishing emails wound up in around 75,000 mailboxes.
By spoofing an email encryption service like Zix, the phishing email was designed to create a sense of security.
The phishing emails described here snuck past the security built into Microsoft 365, Google Workspace, Microsoft Exchange and Cisco ESA, according to Armorblox.
For stronger protection against email attacks and credential phishing attacks, you need to augment your built-in email security with additional layers that take a different approach.
News URL
Related news
- AI-driven phishing attacks deceive even the most aware users (source)
- Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks (source)
- Monday.com removes "Share Update" feature abused for phishing attacks (source)
- Okta warns of credential stuffing attacks targeting its CORS feature (source)
- Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud (source)
- FlyingYeti phishing crew grounded after abominable Ukraine attacks (source)
- More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack (source)
- New phishing toolkit uses PWAs to steal login credentials (source)
- Guide to mitigating credential stuffing attacks (source)