Enter your email address to be notified for every new product update.
Phish Files 1101
Posted by
Jeremy Fuchs on Dec 3, 2021 11:42:31 AM
Week of 10/25—10/29
This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.
Want to sign up to receive these each week? Clickhere.
An easy way to bypass scanners is to add a recipient via BCC, and ignore the to field. When this happens, the "to" field says "undisclosed recipients." That means the field is blank. The BCC field has the intended recipient. The email that we showcase is clear spam, but it shows an effective and simple method of reaching the inbox.
The Verizon Data Breach Investigation Report found that 20% of malware attacks are launched via email attachments. Of those emails, according to Check Point research, 70% of malicious email attachments were sent via PDF or Office. That's why it's important to implement complete and multi-tiered malware protection. That includes powerful AI to detect malicious behavior and quarantine dangerous files. It means protecting beyond the email environment into collaboration and file-sharing apps. It also needs sandboxing, anti-virus and CDR. Scanning every file and message for malware and ransomware is the best way forward.
This explainer article details some basics on how phishing attacks work; how to easily spot potential phishing emails; different ways to stop phishing emails; and how Avanan can help.
This attack spoofs the World Health Organization. The idea is to ask for money in exchange for a huge reward. It's also a way to obtain personal information. The email is pretending to come from the director of the WHO. It asks for full name, address and phone number. Of course, the money will never be sent out. It's just a way for hackers to grab money and personal information to continue attacks.
For the first time, social media was among the top three sectors to be imitated via phishing, according to Check Point Research. LinkedIn, Facebook and WhatsApp all appeared in the top ten. We've noticed, in particular, attacks utilizing LinkedIn.Most recently, we wrote about how LinkedIn automatically shortens any URL over 26 characters. This has been used by hackers to hide phishing links. Additionally, we've seen spoofed LinkedIn notification emails that were actually a redirect to phishing links.