Threat actors spoof email security providers
A new report from phishing defense company Cofense highlights increasingly sophisticated phishing attacks that are exploiting trusted email security companies such as Proofpoint, Mimecast and Virtru to trick users into disclosing sensitive credentials.
The attacks make use of fake email attachments, phishing links and credential-harvesting tactics to compromise sensitive data. By mimicking well-known brands, threat actors boost the likelihood that recipients will trust the emails and engage with harmful content, exposing critical information as a result.
Login pages carefully crafted to look like those of well-known brands, for example, increase the chance that users will be tricked into entering their credentials.
Cofense threat analyst Clint Ilagan writes on the company's blog, "In the past, phishing attacks were relatively simple and straightforward, often relying on basic tactics to trick users into divulging sensitive information. For example, mass email campaigns, suspicious links, generic messaging, and inconsistent branding using poor quality or mismatched logos and branding made it easier to spot the fraud."
In the examples the report reveals, however, threat actors faithfully mimic legitimate emails, carefully wording the subject line, body and attachment name so that the message looks convincing. There can still be telltale signs that something is awry, though, such as messages being sent from a Gmail account rather than a company domain.
To cut the risk of falling victim to these attacks, the report urges organizations to implement multifactor authentication, train employees to recognize phishing attempts, and use advanced threat detection systems.
You can read more and see examples of the attacks on the Cofense blog.