Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites

silversurfer

Attackers are on the prowl for enterprise Microsoft Outlook credentials, with a new phishing campaign that leverages email-quarantine policies and uses an overlay screen tactic — on top of legitimate company webpages — to lure in victims.

The campaign was discovered after successfully targeting an unnamed company, Cofense researchers told Threatpost. The emails imitated the technical-support team of the employee’s company (with “Support” in the sender title and “Action Required” in the subject line) and claimed that the company’s email-security service had quarantined three valid email messages, blocking them from entering the inbox.

The quarantine location on an email server is where messages that are suspected to be spam are stored temporarily. They can then be reviewed and retrieved if necessary. While not a new lure for attackers, this proves to be effective, particularly in an enterprise environment where employees fear the impact of missed communications, researchers said.

“Potential loss of important documents or emails could make the employee more inclined to interact with this email,” said Dylan Main, researcher with Cofense, in a Friday post.
 
