Avanan researchers have discovered an attack that takes over the account of a trusted customer to send phishing emails.
The emails, missed by Barracuda, are sent by a trusted customer of a company. Making matters worse is that Barracuda added a header that reads: "This sender is trusted." That allows the end-user to believe that the email can, in fact, be trusted, when, in fact, it cannot. Here's what the email looks like:
The email is fairly simple. It's just a large picture pretending to be a PDF. The picture, though, has an embedded phishing link that leads to a credential harvesting website.