An easy way to bypass scanners is to add a recipient via BCC, and ignore the to field. When this happens, the "to" field says "undisclosed recipients." That means the field is blank. The BCC field has the intended recipient. The email that we showcase is clear spam, but it shows an effective and simple method of reaching the inbox.
The Verizon Data Breach Investigation Report found that 20% of malware attacks are launched via email attachments. Of those emails, according to Check Point research, 70% of malicious email attachments were sent via PDF or Office. That's why it's important to implement complete and multi-tiered malware protection. That includes powerful AI to detect malicious behavior and quarantine dangerous files. It means protecting beyond the email environment into collaboration and file-sharing apps. It also needs sandboxing, anti-virus and CDR. Scanning every file and message for malware and ransomware is the best way forward.
This attack spoofs the World Health Organization. The idea is to ask for money in exchange for a huge reward. It's also a way to obtain personal information. The email is pretending to come from the director of the WHO. It asks for full name, address and phone number. Of course, the money will never be sent out. It's just a way for hackers to grab money and personal information to continue attacks.
For the first time, social media was among the top three sectors to be imitated via phishing, according to Check Point Research. LinkedIn, Facebook and WhatsApp all appeared in the top ten. We've noticed, in particular, attacks utilizing LinkedIn.Most recently, we wrote about how LinkedIn automatically shortens any URL over 26 characters. This has been used by hackers to hide phishing links. Additionally, we've seen spoofed LinkedIn notification emails that were actually a redirect to phishing links.