Top Email Protections Fail in Latest COVID-19 Phishing Campaign

kltaylor Member, Beta Tester Posts: 1,231
1000 Comments 500 Likes 50 Answers 100 Awesomes

An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.

Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found.

The Cofense Phishing Defense Center (PDC) discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver’s local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi.

The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user’s Microsoft log-in credentials, he said. They also don’t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, according to Cofense.

To read the entire article please click on the Source link above.

"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain