Security News > 2021 > September > 3 tips to protect your users against credential phishing attacks
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption.
A successful phishing email that obtains the right username and password can gain access to an entire network.
Hitting users of Microsoft 365, Microsoft Exchange and Google Workspace, the phishing emails wound up in around 75,000 mailboxes.
By spoofing an email encryption service like Zix, the phishing email was designed to create a sense of security.
The phishing emails described here snuck past the security built into Microsoft 365, Google Workspace, Microsoft Exchange and Cisco ESA, according to Armorblox.
For stronger protection against email attacks and credential phishing attacks, you need to augment your built-in email security with additional layers that take a different approach.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- GoIssue phishing tool targets GitHub developer credentials (source)