Avanan Blog Attack Briefs (9)


Novel Tax Scam Utilizes Spoofed IRS Address to Defraud Users

Tax season is always ripe with attacks, ranging from the simple to the sophisticated. This particular attack showcases a truly well-crafted and deceptive phishing em...

Read more

The Tax Hack Cometh: Open Season for Tax-Based Attacks

With tax season around the corner, we’re seeing a very expected uptick in tax-related malicious emails. This particular email was malware sent from a domain register...

Read more

Bitcoined: Leveraging the Currency for Attacks

Investing in Bitcoin? You're not alone. Tons of people are. Hackers have noticed and are leveraging it to start attacking end-users. 

Read more

The Universal Language of Phishing

It's reasonable to expect that phishing emails that come to your inbox will be in your native tongue.

Read more

SEG Miss of the Week: 2/4/21

This week's SEG miss of the week follows a targeted social engineering attack. Proofpoint missed this attack.

Read more

ATP Miss of the Week: 2/4/21

Today’s ATP Miss of the Week is yet another credential harvesting attack that flew by Microsoft’s security. We have seen this exact attack over 900 times in 20 diffe...

Read more

ATP Miss of the Week: Credential Harvesting Attack

This week, we uncovered a simple credential harvesting attack. We saw this in over 30 organizations, suggesting something targeted.

Read more

ATP Miss of the Week: 1/20/2021

This week, we uncovered an attack that uses both Microsoft Forms and Typeform.  We saw this across multiple organizations.

Read more

ATP Miss of the Week: 1/13/2021

This week, we uncovered an attack that uses a Zoom notification.  We saw this across multiple organizations and in multiple weeks. 

Read more

ATP Miss of the Week: 1/7/2021

This week, we uncovered an attack that claims a password is about to expire.  We saw this across multiple organizations.

Read more

ATP Miss of the Week: 12/22/2020

This week, we uncovered an attack that utilizes a link for documents. We saw this across multiple organizations.

Read more

BioNTech COVID-19 Vaccine Spoofed in Email Campaign

As happens with all major news events, Avanan is tracking a tremendous number of fake sites, emails and even phone calls and texts which all offer an insider's acces...

Read more

Microsoft Teams: Spoofing Notifications to Steal Credentials

As Microsoft Teams continues to skyrocket in growth, hackers are going to flock to the service. We wrote recently about how a compromise at a partner organization al...

Read more

ATP Miss of the Week: 12/16/2020

This week, we uncovered an attack that utilizes a voice message file. We saw this across multiple organizations.

Read more

Come On In: LinkedIn Used for Spoofing

Quick quiz: which social media platform are hackers impersonating most effectively? If you guessed LinkedIn, good for you.  Yes, LinkedIn has quietly become a haven ...

Read more

Slack Continues to Be Top of Mind for Hackers' Malicious Links Attacks

A few months ago, we wrote about a Slack-based attack making waves. In the attack, hackers utilized a Slack redirect to bypass Microsoft SafeLinks. It looks like thi...

Read more

ATP Miss of the Week: 12/09/2020

This week, we uncovered an "eFax" email across multiple organizations. The email comes across as an eFax with a link to view documents. 

Read more

Global Financial Institution's Microsoft Teams Account Compromised by Malware

Summary A compromised Microsoft Teams account at a partner organization fooled users at a global financial institution into sharing insider information. After exfilt...

Read more

SPAM-EGY Takes on EDU

Highlights: Avanan researchers have identified an aggressive attack against higher-education targets that uses a number of obfuscation techniques developed by the SP...

Read more

Hackers Targeting G-Suite via DocuSign

Remote work has been a boon for a number of companies and DocuSign is no different. The e-signature company has seen 61% year-over-year growth. As companies to work-...

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial