3 tips to protect your users against credential phishing attacks

3 years ago 432

A caller phishing run spotted by Armorblox tried to bargain idiosyncratic credentials by spoofing a connection notification from a institution that provides email encryption.

phishing-via-internet-vector-illustration-fishing-by-email-spoofing-vector-id665837286.jpg

Image: GrafVishenka, Getty Images/iStockPhotos

Phishing attacks are 1 of the astir fashionable strategies employed by cybercriminals to snag idiosyncratic credentials. A palmy phishing email that obtains the close username and password tin summation entree to an full network. And the much believable the phishing message, the greater the likelihood of it succeeding. In a study published Tuesday, information steadfast Armorblox looks astatine a caller and crafty phishing campaign and offers tips connected however to support yourself from these types of attacks.

SEE: Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)  

A caller run that targeted a big of Armorblox customers spoofed an encrypted connection notification from Zix, a institution that itself provides email encryption and email information nonaccomplishment prevention services. Hitting users of Microsoft 365, Microsoft Exchange and Google Workspace, the phishing emails coiled up successful astir 75,000 mailboxes.

Using a rubric of "Secure Zix message," the email claimed that the recipient had received a unafraid connection from Zix. To reappraisal the alleged message, the idiosyncratic was invited to click connected the Message fastener successful the email earlier a definite expiration date. Doing truthful attempted to instal an HTML record named "securemessage." On the positive side, opening the downloaded HTML record triggered astir website blockers to measurement successful to artifact the page.

zix-phishing-email-final-armorblox.jpg

Phishing email spoofing a Zix unafraid connection notification.

Image: Armorblox

Compared with an existent template for a Zix unafraid message, the email wasn't an nonstop duplicate but was adjacent capable to instrumentality an unsuspecting victim, according to Armorblox. The domain utilized by the sender was "thefullgospelbaptist.com," a spiritual enactment acceptable up successful 1994. Though this URL is nary longer active, the attackers whitethorn person exploited an older mentation of the domain to nonstop the phishing emails, Armorblox said. The email itself got done each the modular authentication checks, including SPF, DKIM and DMARC.

Though the last HTML record successful the onslaught concatenation was blocked, the attackers utilized immoderate savvy techniques truthful their emails could walk muster. By spoofing an email encryption work similar Zix, the phishing email was designed to make a consciousness of security. And by claiming to connection an encrypted connection with an expiration date, the email tried to trigger a consciousness of urgency and importance.

The email itself was styled intimately capable to existent Zix templates truthful arsenic to walk a casual inspection. Plus, the genitor domain utilized successful the onslaught was a morganatic 1 to assistance the emails bypass authentication.

SEE: Hackers are getting amended astatine their jobs, but radical are getting amended astatine prevention (TechRepublic) 

To support yourself, your users, and your enactment from these types of phishing attacks, Armorblox offers the pursuing 3 tips:

  1. Beef up your autochthonal email information with further controls. The phishing emails described present snuck past the information built into Microsoft 365, Google Workspace, Microsoft Exchange and Cisco ESA, according to Armorblox. For stronger extortion against email attacks and credential phishing attacks, you request to augment your built-in email information with further layers that instrumentality a antithetic approach. Gartner's Market Guide for Email Security highlights respective caller approaches introduced by assorted vendors.
  2. Watch retired for societal engineering clues. When dealing with 1 email aft another, radical tin each excessively easy disregard the informing signs of a imaginable scam. But to debar being a victim, you request to look astatine each email with a trained eye. Inspect specified elements arsenic the sender's name, the sender's email address, the connection wrong the email, and immoderate inconsistencies wrong the email. With this circumstantial campaign, you mightiness inquire specified questions arsenic "Why is simply a Zix nexus starring to an HTML download?" and "Why is the sender email domain from a third-party organization?"
  3. Follow password and information champion practices. You request to support and unafraid your relationship credentials. That means not utilizing generic passwords, not utilizing passwords based connected your day of commencement oregon different identifiable items, and not utilizing the aforesaid password connected antithetic sites. And since juggling a unsocial and analyzable password for each tract isn't feasible, your champion stake is to usage a password manager to bash the hard enactment for you. Finally, marque definite you've acceptable up multi-factor authentication connected each supported concern and idiosyncratic accounts.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article