But the right security protection is also essential for safeguarding organizations from these types of attacks. Users must always think twice before clicking on a link or file attachment, even if the email seems legitimate and expected. If the recipient was expecting such a bid, that person could easily try to download the attached PDF file, thereby giving the attacker access to sensitive account credentials. As the login pages look like legitimate Microsoft and Adobe pages, users might enter their credentials for either type of account.įinally, the email was targeted in the sense that it contained details about a real estate bid and was sent to an employee who works with real estate projects. But an unsuspecting user who’s in a hurry or otherwise distracted could easily take this as verification that the email has been scanned and cleared by Symantec.īeyond the use of Symantec, the attacker created a new domain for the final phishing site, allowing it to get through Microsoft’s Exchange Online Protection filters. That domain doesn’t actually exist the real URL for Symantec Cloud is. In this case, though, the attacker used this protection to hide the actual URL of one of the suspicious pages.įurther, the email itself includes a notice that it was scanned by Symantec Security cloud service with a URL of. Designed to help organizations protect their users from spam, Click-Time Protection scans and rewrites potentially malicious URLs. Among the multiple redirects discovered by Armorblox was one created using Symantec’s Click-Time URL Protection. One interesting factor in this campaign is the exploitation of security firm Symantec. SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic) Designed to resemble Microsoft OneDrive and Adobe pages, the login page asks recipients to enter their account credentials, which are then captured by the attacker. Clicking on the link redirects the recipient through several pages, ending with one asking for login details. Sent to an employee who works with real estate, the phishing email contained a link to a PDF that purportedly included bid details for an upcoming building project. Security incident response: Critical steps for cyberattack recovery (TechRepublic Premium) The 10 best antivirus products you should consider for your businessĨ enterprise password managers and the companies that will love them In a blog post published Thursday titled “ Credential Theft Using Symantec URL Rewriting,” Armorblox describes how this campaign operates. A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam. That’s especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand. Spammers and scammers typically try to obfuscate and legitimize their malicious content in an effort to better trick people.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |