The Phish Files

Phish Files 1115

Written by Jeremy Fuchs | Dec 3, 2021 4:46:00 PM
 

Week of 11/8—11/12 

This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.

 


New Website Content

 

The Worst Case Scenario with Other API Solutions

 

There are two types of API-based email security solutions. One method remediates malicious emails only after they reach the inbox. The Avanan method is different, preventing malicious emails from ever reaching the inbox in the first place. This distinction is important. On average, it takes other API solutions three minutes and three seconds to remediate and remove a malicious email from the inbox. However, users click on phishing emails in just 82 seconds. That means the malicious email stays in the inbox longer than it takes a user to click on it. In this blog, we highlight a conversation we had with an IT admin who had used another API-based solution. While using it, the "worst case" scenario occurred: an end-user opened an email and clicked on a malicious attachment before the engine had a chance to remediate. With Avanan, that worst case scenario won't occur, because the malicious email will never reach the inbox in the first place.

     

 

The OneFont Attack: Manipulation and Obfuscation

In 2018, Avanan researchers discovered the ZeroFont phishing technique, whereby hackers insert hidden words, all with a font size of zero, that are invisible to the recipient but fool Natural Language Processing. Now, we've observed a similar attack that uses OneFont, along with other obfuscation methods, to get a credential harvesting attack into the inbox. To get into the inbox, hackers hide links with CSS. They also put the links within the font tag and bring the font size down to one. Finally, they use invalid parameters, such as setting the "Padding Left" to ";". These methods, when combined, lead many scanners to treat the email as a marketing email, not a phishing one.
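A defender can check an HTML email body for the three markers described above (links hidden with CSS, links inside a font tag sized zero or one, and style parameters with no valid value). The following is an added example, not Avanan's detection logic; the heuristic names, the sample HTML and its domains are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Font size 0 or 1 (px/pt/unitless); deliberately does not match 10px, 1em, 1.5px.
TINY = re.compile(r"font-size\s*:\s*[01](?:\.0+)?\s*(?:px|pt)?(?![\w.%])", re.I)
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "area", "base", "col"}

def style_findings(style):
    """Return the heuristic names triggered by one inline style attribute."""
    found = [name for name, rx in (("tiny-font", TINY), ("css-hidden", HIDDEN)) if rx.search(style)]
    for decl in style.split(";"):
        prop, sep, value = decl.partition(":")
        if sep and prop.strip() and not value.strip():  # e.g. "padding-left:;"
            found.append("empty-css-value:" + prop.strip().lower())
    return found

class ObfuscatedLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []  # (tag, findings) for every element still open
        self.hits = []   # (href, sorted findings) for each suspicious link

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        found = style_findings(a.get("style") or "")
        if tag == "font" and (a.get("size") or "").strip() in ("0", "1"):
            found.append("tiny-font")
        if tag == "a" and a.get("href"):
            # A link inherits the findings of every enclosing element.
            seen = {f for _, fs in self.stack for f in fs} | set(found)
            if seen:
                self.hits.append((a["href"], sorted(seen)))
        if tag not in VOID:
            self.stack.append((tag, found))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html):
    parser = ObfuscatedLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample: one ordinary link, one combining all three tricks.
SAMPLE = """<p style="font-size:14px"><a href="https://example.com/invoice">View</a></p>
<div style="padding-left:;"><font size="1">
<a href="https://login.example.net/x" style="display:none">portal</a></font></div>"""
```

Calling `scan(SAMPLE)` reports only the second link, with all three findings attached. Any single finding is weak evidence on its own; the combination on one link is the signal worth scoring.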

     

 

Omdia: Check Point Beefs Up Email Security with Avanan Buy

In a new report, Omdia praised Check Point's acquisition of Avanan. They noted that the addition of Avanan "into Harmony should position Check Point as a stronger WFH security contender." Additionally, they noted that Harmony now secures "remote workers, their devices, and their data, with protection from malicious files, URLs, and phishing across email, collaboration suites, web, network, and endpoint." The full report, which can be accessed here, further highlights the benefits of the deal. 

     
