Avanan Blog Attack Briefs (4)


Change of Direction: Too Many Redirects Fool Scanners

A common way for attackers to evade security solutions is to include URL redirects in the body of an email. For security solutions to effectively determine if the UR...

Read more

Don't Close: Scamming Closing Notifications with Credential Harvesting

Avanan researchers have uncovered an attack that leverages the notification of closing documents to send a credential harvesting link.

Read more

The Static Expressway: Leveraging Legit Sites to Get to the Inbox

We've been writing a lot lately about hackers are leveraging legitimate services as attack vectors. This trend is not going away, whether it's Google Docs, MailGun, ...

Read more

Do Not Call List: Hackers Impersonating Amazon to Get You to Call

How many Amazon notifications do you get? (If you're like some, it's a lot.) That means it's a perfect opportunity for hackers to try and exploit it to get some info...

Read more

Attackers Take Advantage of New Google Docs Exploit

Avanan analysts have recently discovered an exploit vector in Google Docs that attackers are using to deliver malicious phishing websites to victims.

Read more

Insecure Services: Spoofing Secure Email Notifications

With the increased attention to email security in every organization, users are getting used to receiving documents sent to them over "secure" services. With sensiti...

Read more

Lack of Trust: Pretending to be a Trusted Sender to Steal Credentials

Avanan researchers have discovered an attack that takes over the account of a trusted customer to send phishing emails.

Read more

Hackers Using Microsoft Against Itself

Attackers are using automated methods to generate attack email addresses that end in the onmicrosoft.com domain to try and bypass any email filters that may have onm...

Read more

Return to the Office. Get Welcomed by Phishing Emails

Returning to the office? Many workers around the country and the world are. Hackers are noticing.

Read more

Whole New Ballgame: GameStop's URL Leveraged for Phishing Attacks

On May 17th, Avanan researchers noticed a spike in phishing emails containing links to a particular subdomain of GameStop.com. GameStop is an American gaming company...

Read more

GroupThink: Targeting Group Emails to Bypass Scanners

Over the last three days, we have seen over 800 phishing emails sent to 11 different clients that try and leverage language that is normally used by physical or onli...

Read more

Help Is Not On the Way: Phishing Masquerading as COVID Relief

SEGs that rely on allow or blocklists are playing an ever-increasing catchup game when it comes to catching phishing emails. This phishing campaign shows us the resu...

Read more

Dat's Bad Attack: Hackers Using .dat Files to Bypass SEGs

A .dat file is a generic file that is used in various applications. What's unique about them is that they can only be used by the application that created them. For ...

Read more

The Synonym Attack: Using Similar Words to Get By Scanners

Because of the rise of invoice related phishing emails, many security vendors have resorted to treating emails with the word “invoice” in the subject/body/attachment...

Read more

Dropping In: Attackers Leverage Dropbox to Get to Inboxes

Attackers are sharing files with suspicious names to users through Dropbox. Because Dropbox is a reputable service, most email security vendors will allow these file...

Read more

Subscribe Now: A Subscription to Phishing

The software industry is built on subscriptions. You pay for a year, or more, and then when the time comes, you can choose to renew (or not).

Read more

File-Sharing Services Continue to Be Ripe for Impersonation

Scammers continually utilize and spoof file-sharing services to launch attacks. We've seen this recently with the We Shouldn't Transfer Attack, the Flipping Out Atta...

Read more

Winner Pays: Lotto Scam Reaches End-Users

We all dream of the day that the lotto card finally breaks our way and we can make our way to financial glory.

Read more

Flex On 'Em: Leveraging Legitimate Sites to Launch Attacks

Many email security vendors are now heavily relying on sender domain reputation as an indicator of phishing. Avanan's research has found that 43.35% of all phishing ...

Read more

Decode This: Another Obfuscated File Getting Past Scanners

A email comes that says it has remittance advice. 

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial