Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
2021-09-28 10:00

Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion.

God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.

The subject header is "Secure Zix message." The email body's header reiterates that title and tells the intended victim that they've received a secure Zix message.

"Whether these domains are used to send the email or host the phishing page, the attackers' intent is to evade security controls based on URL/link protection and get past filters that block known bad domains," Iyer said via email.

The spoofed Zix email got past the security controls of Office 365, Google Workspace, Exchange, Cisco ESA and others.

For better protection coverage against email attacks, be they spear-phishing, business email compromise or credential phishing attacks like this one, Armorblox recommended: "Organizations should augment built-in email security with layers that take a materially different approach to threat detection."


News URL

https://threatpost.com/credential-spear-phishing-uses-spoofed-zix-encrypted-email/175044/