Phish of the Week: More Vaccines, Less Phishing Please

Don’t Count Yourself in for a Vaccine (Phish)

I really appreciate The New York Times’ “Find Your Place in Line” vaccine calculator tool. Even though it says I’m roughly 270 millionth in line, it’s a glimmer of hope! But, like most people, I’d still appreciate a chance to get the shot just a tiny bit sooner.

Attackers are now exploiting vaccine availability to steal personal data. Our threat research team explains in this new blog how the latest phishing campaign, which spoofs the CDC and pharmaceutical companies, bypasses Microsoft 365’s email defenses.

Targeting workers across multiple industries, this phish uses a number of techniques missed by ordinary defenses:

  • Display Name Spoofing to fake the visible FROM header
  • Insertion of an SMTP HELO command to spoof the Envelope From domain
  • Spoofing of a domain that lacks email authentication protocols and no longer resolves to an IP address
  • Compromising a legitimate host with a benign IP
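Two of these signals, display name spoofing and a sending domain with no email authentication, can be checked from headers the receiving gateway already records. The following is an added example, not Area 1's detection logic or code from the original post; the brand map, the `mx.recipient.example` authserv-id and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand-to-domain map (hypothetical; maintain your own list).
BRAND_DOMAINS = {"cdc": {"cdc.gov"}}

# Constructed sample message, not taken from the campaign described above.
SAMPLE = (
    "Return-Path: <notice@vaccine-info.example>\n"
    "Authentication-Results: mx.recipient.example; spf=none; dkim=none; dmarc=none\n"
    'From: "CDC Vaccine Registration" <notice@vaccine-info.example>\n'
    "To: employee@recipient.example\n"
    "Subject: Confirm your vaccine appointment\n"
    "\n"
    "Please confirm your details.\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoof_signals(raw, authserv_id="mx.recipient.example"):
    """Return the spoofing signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    signals = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # Display name spoofing: brand in the visible name, unrelated address domain.
    for brand, domains in BRAND_DOMAINS.items():
        named = re.search(rf"\b{re.escape(brand)}\b", display, re.I)
        owned = any(from_domain == d or from_domain.endswith("." + d) for d in domains)
        if named and not owned:
            signals.append(f"display-name-mismatch:{brand}")
    # Only trust Authentication-Results stamped by our own gateway (authserv-id);
    # a sender can insert its own copy of this header.
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        head, _, rest = value.partition(";")
        if head.strip().lower() == authserv_id:
            results.update((k.lower(), v.lower()) for k, v in
                           re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I))
    # Domain without email authentication: nothing to evaluate for any method.
    if all(results.get(m, "none") == "none" for m in ("spf", "dkim", "dmarc")):
        signals.append("no-email-authentication")
    return signals

if __name__ == "__main__":
    print(spoof_signals(SAMPLE))
```

Whether the spoofed domain still resolves needs a DNS lookup and is left out so the check runs offline.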

Make no mistake about it: COVID-19 cyber attacks keep evolving. They will remain a security challenge for as long as the pandemic lasts.

Read the details in the blog here.

Infographic: Guide to Business Email Compromise Types 1, 2, 3 & 4

Last week the U.S. Attorney’s Office for the District of Massachusetts warned of a dramatic increase in Business Email Compromise (BEC) scams related to the Paycheck Protection Program and Small Business Administration. BEC scams cost businesses of all sizes billions of dollars in losses.

Our latest BEC infographic explores not just the business impact, but specifically the anatomy of Types 3 and 4 BEC, which spoof and infiltrate your trusted vendors and suppliers.

Check out the details in the blog here. (4 min)

Always Expect the Unexpected…

Last year was a record-breaking year for emails. For example, SendGrid reported processing over 11 billion emails over Black Friday and Cyber Monday alone.

If your organization relies more on email these days, then your email security service should have no problem handling massive email traffic spikes — whether planned, or due to denial of service attacks, or other unexpected reasons. Unfortunately, legacy email gateways (whether on-premises or hosted) can’t keep up with unpredictable spikes.

Learn how to achieve greater email resiliency from outages, traffic spikes and threat actors, in our new solution brief here. (3 min)


Shalabh Mohan

VP, Product at Area 1

With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.
