Avanan Blog Attack Briefs


Hackers Host Phishing Pages on Lucidchart

Lucidchart is a popular site used to collaborate on drawings, charts, diagrams and more.

Read more

Mirroring Actual Landing Pages for Convincing Credential Harvesting

The hacker has two tasks: Get into the inbox. And get the user to hand over the desired information. Hackers spend tons of time thinking of creative ways to do both....

Read more

Sending Phishing Emails From PayPal

In June, we wrote about how hackers were sending phishing emails directly from QuickBooks.

Read more

With Prime Day Around the Corner, Be on the Lookout for These Amazon Scams

It’s practically a holiday at this point: Amazon Prime Day. Two days of ridiculous deals and savings.

Read more

The Classic O365 Credential Attack

Credential harvesting remains the most popular form of phishing.

Read more

Sending Phishing Emails from QuickBooks

Hackers continually impersonate trusted brands to get into the inbox. By leveraging the legitimacy of a trusted domain, security solutions are more likely to view th...

Read more

New Attack Spoofs PayPal to Obtain Payment from End-User

In November, we wrote about an attack that spoofed Amazon. The attack worked by using legitimate Amazon links, forcing the end-user to make a phone call instead to c...

Read more

Fake Business Proposal Contains Macro-Infected Excel Spreadsheet

Financial scams are the name of the game. After all, hackers are after your money first and foremost. 

Read more

Following the Phishing Path

As security professionals, you never want end-users to click on a phishing link. But following the path of what would've happened if they did can be instructive.

Read more

The Reverse Text Attack

When attackers are crafting malicious messages, they have two opposing goals.

Read more

Local Meetings Under Attack

Virtual community and school board meetings have been commonplace over the last two years. Instead of gathering in person, these meetings, often held over Zoom, have...

Read more

Roblox Exploited with Trojans from Scripting Engine

Roblox is one of the most popular game systems in the world. In 2021, this gaming platform grew from 32.6 million daily active users to nearly 50 million, across 180...

Read more

The Gmail SMTP Relay Service Exploit

The “From” field in an email–or even in snail mail–is just an address line that the sender types in. Just like anyone can go to a post office and send a card that co...

Read more

Leveraging Microsoft Legitimacy to Get into the Inbox

What looks like a new, missed voice message is actually a way to send phishing pages through to the inbox. 

Read more

Financial Scams Can Be Tricky to Spot. Here's Some Tips

Financial scams come in all shapes and sizes. They can spoof major companies. They can spoof minor companies. They can be threatening. They can be confusing. 

Read more

COVID Scams Remain in Inboxes

As COVID stubbornly remains in our lives, so too do COVID-related scams.

Read more

Spoofing Credit Unions for Profit

In February, the National Credit Union Administration (NCUA) put out a statement noting that, due to the geopolitical climate, credit unions should “adopt a heighten...

Read more

It's Tax Day: Lookout for Scams

It's everyone's favorite day--Tax Day!

Read more

Using Quoted-Printable Encoding to Bypass Scanners

Phishers have a toy chest of tricks when it comes to building email campaigns. Oftentimes, what you read in the email body is represented by deceptive coding techniq...

Read more

Can You BE-C It?

Here's how you know an email is a BEC.

Read more

1 2 3 4 5
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial