Archive for Armorblox

You’ve Got Mail: New Phishing Attack impersonates DHL for User Credentials

Posted in Commentary with tags on January 17, 2023 by itnerd

Armorblox has released its latest research that dives into the details of a credential phishing attack that spoofed the international shipping, courier services and transportation company, DHL. 

These emails, targeting more than 10,000 mailboxes of a private institution within the education industry, bypassed both native Microsoft Office 365 Email security and Exchange Online Protection (EOP) email security layers.

How it works: In this attack, end users were presented with an email that resembled a notification from DHL, notifying recipients about a parcel sent by a customer that needed to be rerouted to the correct delivery address. Users were encouraged to view the attached document and confirm the destination address of the parcel shipment by providing Microsoft login credentials. Unknowingly, the provided sensitive information entered on the fake login page was sent straight to the attackers. 

You can read the research here.

New Research: Hackers Spoof Directors of National Education Institutions; 100,000 Mailboxes Targeted in Phishing Campaign

Posted in Commentary with tags on December 20, 2022 by itnerd

Armorblox has released its latest blog, diving deep into a targeted impersonation email attack campaign including two similar, but different, emails sent to employees across the organization impersonating staff that held Director titles.

These emails, targeting 100,000 mailboxes of a large, national institution within the Education Industry, bypassed Microsoft Office 365 Email security using language as the main attack vector. 

How it works: The emails, coming from what appeared to be Directors of the institution, included the individual’s name as the sender, spoofing the employee’s email address, as well as a signature that included the individual’s full name, credentials, and title at the organization. The attackers claimed that a confidential task needed to be completed and that a response was warranted from the recipient, in order to exfiltrate sensitive information such as confidential business data, user login credentials, bank account credentials, and gift cards.

You can read the report here.

2022 Recap: The top seven brand impersonation attacks detected over the past 12 months

Posted in Commentary with tags on December 20, 2022 by itnerd

This past year, we’ve observed how cyber attacks have become more sophisticated than ever. We’ve seen cunning tactics across all types of attacks: credential phishing, malware attacks, financial fraud, vendor fraud attacks, and more. 

Armorblox has released its latest blog sharing the top brand impersonation attacks in 2022. This blog lists the most interesting attacks that Armorblox observed and stopped throughout the year, where hackers impersonated reputable companies such as AMEX, WhatsApp, and Apple, seeking credentials or a large payday.

You can find the blog here.

Armorblox Announces Enhancements To Its NLU-Based Data Protection Platform 

Posted in Commentary with tags on December 15, 2022 by itnerd

Armorblox today announced the addition of Custom Role-Based Access Controls to its cloud-delivered email security platform to maintain data compliance and reduce data blindspots for individuals across the organization. 

Not all emails are created equal. On the inbound threat side, attackers tend to put a focus on the types of emails that involve exfiltrating sensitive credentials and financial fraud. According to the Armorblox 2022 Email Security Threat Report, 87% of all credential phishing attacks looked like common business workflows in order to trick victims, and 70% of all impersonation attacks slipped past native email security layers. On the data security side, end users and third-party contacts have access to sensitive and confidential information, either about the organization, other employees, or clients that can accidentally or maliciously fall into unlawful hands. Armorblox offers enhanced security from insider threats with enhancements to Armorblox Advanced Data Loss Prevention and the addition of Custom Role-Based Access Controls (RBAC).

Armorblox has always believed in a security-first focus, and this focus extends beyond providing a best-in-class email security solution. The expanded functionality of Armorblox Advanced Data Loss Prevention provides customers with precise protection across all confidential content types and sensitive data. Coupled with Armorblox Custom DLP Policies, organizations now have the ability to set automated encryption actions and exceptions for confidential content and sensitive data per user or per department.

Armorblox Custom Role-Based Access Controls provide security teams the fine-grained controls necessary to set access and restriction levels for individuals, groups, and teams across the organization. Security Administrators are now able to thwart insider threat attacks through the creation of custom roles and permissions to ensure that access to the Armorblox platform by security team members is restricted to their job responsibilities.

Armorblox is supporting the security-first focus that organizations need through the addition of Custom Role-Based Access Controls and enhancements of the Advanced DLP product to the Armorblox platform, benefiting customers in a number of ways, including: 

  • Sensitive Data Encryption: Stop unauthorized disclosure of PII, PCI, PHI with automatic identification and encryption of sensitive data across emails, attachments, and documents.
  • Custom Access Controls: Easily create and set custom roles with granular permissions for individuals across security teams that align best with job responsibilities.
  • Reduce Data Blindspots: Ensure appropriate access levels and restrictions are set for organization, employee, and third-party data.

To learn more about the capabilities of Armorblox Custom Role-Based Access Controls, visit

Apple Phishing Attack Targets 10K Mailboxes Coming off Record-Breaking Shopping Weekend

Posted in Commentary with tags on December 1, 2022 by itnerd

Today, researchers at Armorblox released their latest blog on a credential phishing attack that spoofed a consumer favorite among cyber deals, Apple, in an attempt to steal victims’ user credentials. 

In this attack, targeting over 10,000 mailboxes, emails were crafted to convince recipients that they were receiving legitimate email communication from Apple, Inc, notifying them that their account was going to be suspended unless their card was validated. Clicking on the provided link led users to a fake landing page created in order to exfiltrate sensitive user credentials.

The timing of this technique was particularly effective, playing off consumers’ sense of urgency to score valuable gift card offers during the biggest holiday shopping days of the year.

The link to the live blog is here and it is well worth your time to read.

Don’t Let the Grinch Steal Your Holiday Cheer: Holiday Scams To Watch Out For

Posted in Commentary with tags on November 19, 2022 by itnerd

Many consider the holiday season the most wonderful time of year, and scammers would agree. The Holidays present a perfect opportunity for cybercriminals to take advantage of an otherwise joyous time.

Armorblox has published its latest blog looking back at real-life examples of targeted threats that take advantage of the holiday season, seen by researchers at Armorblox in the past few years and continuing today. Additionally, the blog goes into further detail on:

  • Why do we still fall for holiday-themed phishing attempts?
  • Why cyber criminals love OOO messages filled with contact information, role hierarchy, and destination plans for sophisticated impersonation attacks. 
  • What can individuals and organizations do to stay ahead of the game and stay safe from these scams?

You can find the blog post here.

Hackers Spoof Instagram for User Credentials; 22,000 Mailboxes Targeted in Phishing Campaign

Posted in Commentary with tags on November 17, 2022 by itnerd

Armorblox has dived into the details of a credential phishing attack that spoofed Instagram, the global social media platform used by end users and businesses to connect and share updates via images, videos, and short clips, to steal credentials.

Impact: Targeting approximately 22,000 mailboxes of employees at a national institution within the Education Industry.

How it works: Hackers instill trust in victims by impersonating Instagram’s support team to notify recipients of unusual account login activity. Recipients are prompted to click on the provided link to secure their account. Clicking on the link navigated to a fake login page, resembling Instagram – and socially engineered with details around a login from an unrecognized device and information specific to the recipient, such as his or her Instagram user handle – in hopes of exfiltrating sensitive user credentials. 

Email security bypassed: Microsoft Exchange Email Security and Secure Email Gateway. Which is bad news if you depend on either to protect you from this sort of attack.

You can view the full report here.

Hackers Using Vendor Fraud Techniques to Bypass Microsoft Office Email Security: Armorblox

Posted in Commentary with tags on November 3, 2022 by itnerd

Armorblox today announced the addition of Armorblox Vendor and Supply Chain Attack Protection to the company’s cloud-delivered email security platform to protect organizations from the biggest challenge in today’s threat landscape: vendor email compromise and the ensuing supply chain attacks. 

As companies invest in more tools to defend against cyber threats of all kinds, hackers are staying one step ahead, by exploiting the trusted relationship between vendors and clients. With the addition of Vendor and Supply Chain Attack Protection to its email security platform, Armorblox eliminates the guesswork for organizations of all sizes around safe vendor and third-party communications across Microsoft Office 365, Microsoft Exchange, and Google Workspace environments. Armorblox NLU-based analysis and organization-specific custom models continuously monitor and assess the risk of over 50,000 vendors, proactively stopping vendor fraud attempts and supply chain attacks and further aligning with the company’s mission of helping organizations communicate without compromise.

Email-based financial fraud attacks have a higher chance of slipping past legacy email security solutions due to their increased sophistication. According to the 2022 Armorblox Email Security Threat Report, 2 out of 5 (44%) financial fraud attempts happened as wire fraud, invoice fraud, or vendor fraud over email. The Armorblox Vendor and Supply Chain Attack Protection delivers the layer of defense organizations need to secure their user and business data and protect the company and employees from sophisticated, targeted attacks such as financial fraud, look alike domains, or hijacking payment-related email threads.

Customers benefit from Armorblox Vendor Compromise and Supply Chain Attack Protection in a number of ways, including:

  • Enhanced Detection: Protect against vendor fraud attempts and supply chain attacks on the organization such as invoice fraud, look alike domains, or hijacking payment-related email threads.
  • Continuous Monitoring: Immediate protection against compromised accounts with around-the-clock monitoring and risk analysis of over 50,000 vendors. 
  • Improved Security Posture: Prevent loss of money, sensitive credentials, or confidential data over email with continuous risk assessment of vendors and third-party contacts, based on behavior models.

To learn more about the capabilities of Armorblox Vendor Compromise and Supply Chain Protection, visit this blog post:

Hackers impersonate ‘proPHISHional’ network, LinkedIn, to steal user credentials: Armorblox

Posted in Commentary with tags on October 25, 2022 by itnerd

Armorblox has released its latest security research that will dive into the details of a credential phishing attack that spoofed the professional networking platform LinkedIn.

How this works: The attackers impersonated the trusted LinkedIn brand to send out spoofed emails, evoking a sense of urgency that unusual activity was suspected. The socially engineered email contained a link sending victims to a fake website mimicking a legitimate LinkedIn sign in page.

Read more about this attack vector here.

Armorblox Appoints Illumio Co-founder and CEO Andrew Rubin To Its Board Of Directors

Posted in Commentary with tags on October 11, 2022 by itnerd

Armorblox, a cloud delivered email security platform company, today announced the appointment of Andrew Rubin to its board of directors. Rubin, who currently serves as the Chief Executive Officer of Illumio, joins Armorblox in its efforts to protect organizations against email-based, sophisticated and targeted cyberthreats.

Rubin brings deep insights that are drawn from a very successful career that spans decades of experience taking new ideas from inception and building them into category-defining companies. Goldman Sachs has named Rubin as one of the “100 Most Intriguing Entrepreneurs” each year since 2015 as part of its Builders & Innovators program. Under Rubin’s leadership, Illumio has built the industry for zero-trust security segmentation and has raised over $500M in venture capital, achieving unicorn status and servicing more than 15% of Fortune 100 companies — including Morgan Stanley, BNP Paribas SA, and Salesforce.

The Armorblox platform connects over APIs and analyzes thousands of signals to understand who users are, what they do, and how they communicate. With this context, Armorblox protects against advanced email attacks like business email compromise, and also helps organizations stay compliant by preventing sensitive data from falling into the wrong hands. Armorblox protects over 58,000 customers including several Fortune 500 and Cloud 100 organizations.