Avanan Blog Attack Briefs (5)


Please Confirm: Payment Notice Gone Awry

Payment confirmations are essential in business. You need to know a payment has been processed. 

Read more

Reverse Jinx: Scammers Ask Why They Paid Victim in Credential Harvesting Scheme

An interestingly-worded campaign has bypassed ATP scanners and made it into inboxes.

Read more

(Don't) Take it to the Bank: Direct Deposit Scam Hitting Inboxes

Direct deposit is a great convenience for businesses and individuals. 

Read more

CAPTCHA This: Bypassing SEGs via reCAPTCHA

Traditional SEGs scan emails through filters that check URLs in emails against various static lists to determine how to treat each URL. Based on the decisions made b...

Read more

PDF-Based Attack Gets Past Email Scanners

PDFs are not always what they seem. They are good vectors to launch attacks, because PDFs are usually important, meaning end-users are likely to click. One estimate ...

Read more

Spoofing Excel to Get Credentials

A static HTML file isn't always what it seems.

Read more

PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security

Avanan researchers have identified a new attack form whereby adversaries leverage reputable Email Delivery Services (EDS) to launch and obfuscate their attacks again...

Read more

A Microsoft Swing and a Google Miss: Spoofed Pages Get to the Inbox

Credential harvesting is one of the most popular attack forms out there. It's simple. Get a user to click on a link. At the link, get them to enter their information...

Read more

Lucky Penny: Missing ATM Card Attack Bypasses Scanners

Believe it or not, the classic Nigerian Prince scam is still around and still kicking. In 2018, Americans lost over $700,000 to the scam. Yikes.

Read more

Hidden Meaning: Using Obfuscation to Fool Natural Language Processing

A rapidly increasing attack campaign is hitting inboxes.

Read more

We Shouldn't Transfer: Getting End-Users to Give Over Credentials

You may have heard about the recent Accellion breach. Accellion, a file-sharing app, was breached and now tons of universities and corporations have been hit. Major ...

Read more

When a Legitimate Pension Fund Uses Fraudulent Phishing Tactics

Avanan researchers have discovered an interesting “marketing” campaign from a legitimate company that leverages pension fund fraud tactics normally used in phishing ...

Read more

Can I Have Some More? Blatant Financial Scam Makes Way to Inboxes

Avanan researchers have uncovered a widespread financial scam attack. The attack aims to get sensitive bank and financial information from the victim.

Read more

ZeroFont Phishing: Three Years Later, the Attack Form is Still Out There

Back in 2018, Avanan uncovered an attack we called ZeroFont phishing. The idea is that hackers insert hidden words into the text with a font size of zero. The recipi...

Read more

Flipping Out: Hackers Hijack Legitimate File Service to Reach Inboxes

Avanan researchers have uncovered a specific attack that was seen 282 times across 18 different environments in the past two weeks. This attack leverages Flipsnack, ...

Read more

Bad Check: Another Malicious Invoice Gets Through

Another day, another invoice scam. This time the fake invoice is actually a malicious HTML file. Despite this being a very basic credentials harvesting attack  it wa...

Read more

Invoiced: When an Ask For Payment Is an Invitation for Malware

Invoice-related spam is common. It doesn't mean, though, that everyone stops it. 

Read more

Novel Tax Scam Utilizes Spoofed IRS Address to Defraud Users

Tax season is always ripe with attacks, ranging from the simple to the sophisticated. This particular attack showcases a truly well-crafted and deceptive phishing em...

Read more

The Tax Hack Cometh: Open Season for Tax-Based Attacks

With tax season around the corner, we’re seeing a very expected uptick in tax-related malicious emails. This particular email was malware sent from a domain register...

Read more

Bitcoined: Leveraging the Currency for Attacks

Investing in Bitcoin? You're not alone. Tons of people are. Hackers have noticed and are leveraging it to start attacking end-users. 

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial