Avanan Blog Attack Briefs (3)


File-Sharing Services Continue to Be Ripe for Impersonation

Scammers continually utilize and spoof file-sharing services to launch attacks. We've seen this recently with the We Shouldn't Transfer Attack, the Flipping Out Atta...

Read more

Winner Pays: Lotto Scam Reaches End-Users

We all dream of the day that the lotto card finally breaks our way and we can make our way to financial glory.

Read more

Flex On 'Em: Leveraging Legitimate Sites to Launch Attacks

Many email security vendors are now heavily relying on sender domain reputation as an indicator of phishing. Avanan's research has found that 43.35% of all phishing ...

Read more

Decode This: Another Obfuscated File Getting Past Scanners

A email comes that says it has remittance advice. 

Read more

Please Confirm: Payment Notice Gone Awry

Payment confirmations are essential in business. You need to know a payment has been processed. 

Read more

Reverse Jinx: Scammers Ask Why They Paid Victim in Credential Harvesting Scheme

An interestingly-worded campaign has bypassed ATP scanners and made it into inboxes.

Read more

(Don't) Take it to the Bank: Direct Deposit Scam Hitting Inboxes

Direct deposit is a great convenience for businesses and individuals. 

Read more

CAPTCHA This: Bypassing SEGs via reCAPTCHA

Traditional SEGs scan emails through filters that check URLs in emails against various static lists to determine how to treat each URL. Based on the decisions made b...

Read more

PDF-Based Attack Gets Past Email Scanners

PDFs are not always what they seem. They are good vectors to launch attacks, because PDFs are usually important, meaning end-users are likely to click. One estimate ...

Read more

Spoofing Excel to Get Credentials

A static HTML file isn't always what it seems.

Read more

PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security

Avanan researchers have identified a new attack form whereby adversaries leverage reputable Email Delivery Services (EDS) to launch and obfuscate their attacks again...

Read more

A Microsoft Swing and a Google Miss: Spoofed Pages Get to the Inbox

Credential harvesting is one of the most popular attack forms out there. It's simple. Get a user to click on a link. At the link, get them to enter their information...

Read more

Lucky Penny: Missing ATM Card Attack Bypasses Scanners

Believe it or not, the classic Nigerian Prince scam is still around and still kicking. In 2018, Americans lost over $700,000 to the scam. Yikes.

Read more

Hidden Meaning: Using Obfuscation to Fool Natural Language Processing

A rapidly increasing attack campaign is hitting inboxes.

Read more

We Shouldn't Transfer: Getting End-Users to Give Over Credentials

You may have heard about the recent Accellion breach. Accellion, a file-sharing app, was breached and now tons of universities and corporations have been hit. Major ...

Read more

1 2 3 4 5
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial