Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...
Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...
For several weeks, we detected (and blocked) an attack targeting one of the largest municipalities in the U.S. that bypassed Office 365 default security, using a sim...
Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The tactic, whi...
Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...
We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email fr...
Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gm...
Avanan’s security analysts recently tracked an increased number of attacks against cloud-based HR systems such as ADP, Workday, Zenefits and Justworks, to compromise...
The Basics of the Nickname Email Spoof Attack We have trained our users to distrust a sender's nickname and validate an identity by looking at the original email add...
This targeted phishing attack against Office 365 Outlook customers impersonates Excel Online in an HTML attachment in order to trick users into entering their creden...
A new widespread phishing attack against Office 365 email customers uses Google's App-Engine website to redirect victims to download malicious files. Avanan security...
In several past blogs, we described how hackers bypass Office 365 Security with Punycode encoding, and then Unicode characters. In this attack report we discuss an a...
This attack report covers a massive attack on Office 365 users that leverages the trust Office 365 puts in its own links.
This is a large scale phishing attack against Office 365 that we have been seeing across the majority of our Office 365 customers. The attack takes advantage of Offi...
“One question was what exactly were the hackers after? They had compromised at least one account, yet they still weren’t done. What was next? But the big question wa...
In the past 30 days, the Avanan platform has detected and blocked thousands of unique phishing attacks against our customers. The most interesting are those that byp...