Credential Spear-Phishing Uses Spoofed Zix Encrypted Email (Security News, September 2021)
Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion.
God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.
The subject header is "Secure Zix message." The email body's header reiterates that title and tells the intended victim that they've received a secure Zix message.
"Whether these domains are used to send the email or host the phishing page, the attackers' intent is to evade security controls based on URL/link protection and get past filters that block known bad domains," Iyer said via email.
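The evasion described above works because reputation filters ask "is this domain known bad?" rather than "does this domain belong to the brand the message claims to be from?". The following is an added example, not Armorblox's or Threatpost's code: it parses a constructed .eml, and flags a message that presents itself as a "Secure Zix message" while neither the sender domain nor any linked host is a Zix domain, with a harder verdict when the link fetches an HTML file, as the lure here does. The `ZIX_DOMAINS` set is an assumption for the example, not an authoritative list of Zix infrastructure.

```python
"""Brand-impersonation check for 'Secure Zix message' lures (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# ASSUMPTION: domains a genuine Zix notification would use. Placeholder list
# for this example; substitute a verified list in production.
ZIX_DOMAINS = {"zixcorp.com", "zixmail.net"}

# Subject / body header reused by the lure, per the Threatpost write-up.
LURE_PATTERN = re.compile(r"secure\s+zix\s+message", re.IGNORECASE)
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Use a public-suffix library for real."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse(raw_eml: str) -> dict:
    """Return the brand-mismatch evidence and a verdict for one raw message."""
    msg = message_from_string(raw_eml)
    subject = msg.get("Subject", "")
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(sender.split("@")[-1]) if "@" in sender else ""

    body = ""
    for part in msg.walk():  # single-part messages yield themselves
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode(errors="replace")

    claims_zix = bool(LURE_PATTERN.search(subject) or LURE_PATTERN.search(body))
    links = URL_PATTERN.findall(body)
    link_domains = {registered_domain(urlparse(u).hostname or "") for u in links}
    html_links = [u for u in links
                  if urlparse(u).path.lower().endswith((".html", ".htm"))]

    # The lure's sender/link domains are not on any block list; the tell is
    # that none of them belong to the brand the message claims to be from.
    brand_mismatch = (claims_zix and sender_domain not in ZIX_DOMAINS
                      and not (link_domains & ZIX_DOMAINS))
    if brand_mismatch and html_links:
        verdict = "phish"
    elif brand_mismatch:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"sender_domain": sender_domain, "link_domains": sorted(link_domains),
            "html_links": html_links, "verdict": verdict}


# Constructed sample lure: unrelated but otherwise clean domains, HTML payload.
LURE_EML = """From: "Secure Mail" <notice@church.example.org>
To: victim@corp.example.com
Subject: Secure Zix message
Content-Type: text/html

<h2>Secure Zix message</h2><p>You have received a secure Zix message.</p>
<a href="https://files.example.net/secure/message.html">View message</a>
"""

# Constructed benign sample: brand claim backed by a brand domain.
BENIGN_EML = """From: "Zix Notification" <notify@zixcorp.com>
To: victim@corp.example.com
Subject: Secure Zix message
Content-Type: text/plain

You have received a secure Zix message: https://secure.zixcorp.com/inbox/12345
"""

if __name__ == "__main__":
    for name, eml in (("lure", LURE_EML), ("benign", BENIGN_EML)):
        print(name, analyse(eml))
```

The check is deliberately independent of domain reputation: it would fire on the first message from a freshly compromised or newly registered domain, which is exactly the case a block list misses.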
The spoofed Zix email got past the security controls of Office 365, Google Workspace, Exchange, Cisco ESA and others.
Armorblox recommended that, for better protection coverage against email attacks, be they spear-phishing, business email compromise or credential phishing attacks like this one, "Organizations should augment built-in email security with layers that take a materially different approach to threat detection."
News URL
https://threatpost.com/credential-spear-phishing-uses-spoofed-zix-encrypted-email/175044/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
- Beware of phishing emails delivering backdoored Linux VMs!
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
- GoIssue phishing tool targets GitHub developer credentials
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
- Phishing emails increasingly use SVG attachments to evade detection
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
- European companies hit with effective DocuSign-themed phishing emails