Armorblox has released its latest blog, diving deep into a targeted impersonation email attack campaign including two similar, but different, emails sent to employees across the organization impersonating staff that held Director titles.
These emails, targeting 100,000 mailboxes of a large, national institution within the Education Industry, bypassed Microsoft Office 365 Email security using language as the main attack vector.
How it works: The emails, coming from what appeared to be Directors or the institution, included the individual’s name as the sender, spoofing the employee’s email address, as well as a signature that included the individual’s full name, credentials, and title at the organization. The attackers claimed that a confidential task needed to be completed and a response warranted by the recipient in order to exfiltrate sensitive information such as confidential business data, user login credentials, bank account credentials, and gift cards.
You can read the report here.
Like this:
Like Loading...
Related
This entry was posted on December 20, 2022 at 9:19 am and is filed under Commentary with tags Armorblox. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Research: Hackers Spoof Directors of National Education Institutions; 100,000 Mailboxes Targeted in Phishing Campaign
Armorblox has released its latest blog, diving deep into a targeted impersonation email attack campaign including two similar, but different, emails sent to employees across the organization impersonating staff that held Director titles.
These emails, targeting 100,000 mailboxes of a large, national institution within the Education Industry, bypassed Microsoft Office 365 Email security using language as the main attack vector.
How it works: The emails, coming from what appeared to be Directors or the institution, included the individual’s name as the sender, spoofing the employee’s email address, as well as a signature that included the individual’s full name, credentials, and title at the organization. The attackers claimed that a confidential task needed to be completed and a response warranted by the recipient in order to exfiltrate sensitive information such as confidential business data, user login credentials, bank account credentials, and gift cards.
You can read the report here.
Share this:
Like this:
Related
This entry was posted on December 20, 2022 at 9:19 am and is filed under Commentary with tags Armorblox. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.