Top Email Protections Fail in Latest COVID-19 Phishing Campaign

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found.

The Cofense Phishing Defense Center (PDC) discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver’s local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi.

The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user’s Microsoft log-in credentials, he said. They also don’t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, according to Cofense.

“While these secure email gateways (SEGs) are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed,” Mahdavi wrote in the post.
 

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
These threat actors are of the lowest form of human beings they have a IQ of about 2 points above plant life and that's being nice to them.
 
  • Like
Reactions: oldschool
F

ForgottenSeer 86663

These threat actors are of the lowest form of human beings they have a IQ of about 2 points above plant life and that's being nice to them.

The threat actors are incredibly bright and insightful. They know they can count on society equating security with security software. So for them it is like stealing candy from babies.

Software is not security. Security software is not the answer. I saw in the past that the Microsoft ATP countermeasures have been touted here at MT many times. If the researcher found one vulnerability, then there are more. Probably a lot more.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top