Avanan Updates

Week of 10/25—10/29 

This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.


Want to sign up to receive these each week? Click here

New Website Content


The BCC Attack


An easy way to bypass scanners is to add a recipient via BCC, and ignore the to field. When this happens, the "to" field says "undisclosed recipients." That means the field is blank. The BCC field has the intended recipient. The email that we showcase is clear spam, but it shows an effective and simple method of reaching the inbox. 



Complete Malware Protection Keeps You Safer

The Verizon Data Breach Investigation Report found that 20% of malware attacks are launched via email attachments. Of those emails, according to Check Point research, 70% of malicious email attachments were sent via PDF or Office. That's why it's important to implement complete and multi-tiered malware protection. That includes powerful AI to detect malicious behavior and quarantine dangerous files. It means protecting beyond the email environment into collaboration and file-sharing apps. It also needs sandboxing, anti-virus and CDR. Scanning every file and message for malware and ransomware is the best way forward. 



How To Stop Phishing Emails?

This explainer article details some basics on how phishing attacks work; how to easily spot potential phishing emails; different ways to stop phishing emails; and how Avanan can help. 



Send Info. Hope for Money. Get Phished Instead. 

This attack spoofs the World Health Organization. The idea is to ask for money in exchange for a huge reward. It's also a way to obtain personal information. The email is pretending to come from the director of the WHO. It asks for full name, address and phone number. Of course, the money will never be sent out. It's just a way for hackers to grab money and personal information to continue attacks. 



Social Media Spoofing Gains Popularity with Hackers

For the first time, social media was among the top three sectors to be imitated via phishing, according to Check Point Research. LinkedIn, Facebook and WhatsApp all appeared in the top ten. We've noticed, in particular, attacks utilizing LinkedIn.Most recently, we wrote about how LinkedIn automatically shortens any URL over 26 characters. This has been used by hackers to hide phishing links. Additionally, we've seen spoofed LinkedIn notification emails that were actually a redirect to phishing links. 


Avanan, 259 West 30th Street, New York, NY 10001

Unsubscribe Manage preferences