Avanan Blog Attack Briefs (4)


When a Legitimate Pension Fund Uses Fraudulent Phishing Tactics

Avanan researchers have discovered an interesting “marketing” campaign from a legitimate company that leverages pension fund fraud tactics normally used in phishing ...

Read more

Can I Have Some More? Blatant Financial Scam Makes Way to Inboxes

Avanan researchers have uncovered a widespread financial scam attack. The attack aims to get sensitive bank and financial information from the victim.

Read more

ZeroFont Phishing: Three Years Later, the Attack Form is Still Out There

Back in 2018, Avanan uncovered an attack we called ZeroFont phishing. The idea is that hackers insert hidden words into the text with a font size of zero. The recipi...

Read more

Flipping Out: Hackers Hijack Legitimate File Service to Reach Inboxes

Avanan researchers have uncovered a specific attack that was seen 282 times across 18 different environments in the past two weeks. This attack leverages Flipsnack, ...

Read more

Bad Check: Another Malicious Invoice Gets Through

Another day, another invoice scam. This time the fake invoice is actually a malicious HTML file. Despite this being a very basic credentials harvesting attack  it wa...

Read more

Invoiced: When an Ask For Payment Is an Invitation for Malware

Invoice-related spam is common. It doesn't mean, though, that everyone stops it. 

Read more

Novel Tax Scam Utilizes Spoofed IRS Address to Defraud Users

Tax season is always ripe with attacks, ranging from the simple to the sophisticated. This particular attack showcases a truly well-crafted and deceptive phishing em...

Read more

The Tax Hack Cometh: Open Season for Tax-Based Attacks

With tax season around the corner, we’re seeing a very expected uptick in tax-related malicious emails. This particular email was malware sent from a domain register...

Read more

Bitcoined: Leveraging the Currency for Attacks

Investing in Bitcoin? You're not alone. Tons of people are. Hackers have noticed and are leveraging it to start attacking end-users. 

Read more

The Universal Language of Phishing

It's reasonable to expect that phishing emails that come to your inbox will be in your native tongue.

Read more

SEG Miss of the Week: 2/4/21

This week's SEG miss of the week follows a targeted social engineering attack. Proofpoint missed this attack.

Read more

ATP Miss of the Week: 2/4/21

Today’s ATP Miss of the Week is yet another credential harvesting attack that flew by Microsoft’s security. We have seen this exact attack over 900 times in 20 diffe...

Read more

ATP Miss of the Week: 1/28/2021

This week, we uncovered a simple credential harvesting attack. We saw this in over 30 organizations, suggesting something targeted.

Read more

ATP Miss of the Week: 1/20/2021

This week, we uncovered an attack that uses both Microsoft Forms and Typeform.  We saw this across multiple organizations.

Read more

ATP Miss of the Week: 1/13/2021

This week, we uncovered an attack that uses a Zoom notification.  We saw this across multiple organizations and in multiple weeks. 

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial