Hackers Use Free Email Accounts from QuickBooks to Launch Spoofed Phishing Attacks

Stu Sjouwerman | Jul 28, 2022

A new attack uses one brand's email domain to increase the chances of reaching an inbox, while spoofing another brand to trick users into transitioning to a vishing attack.

I’ve covered attacks involving the QuickBooks brand previously this year. An attack earlier this year impersonated the QuickBooks brand and targeted its users with an email informing potential victims that their account was being put on hold.

But a new attack identified by security researchers at Avanan takes a different approach while still taking advantage of the reputation of the QuickBooks brand. QuickBooks allows users to create free accounts, and those accounts have been used to send emails spoofing the Norton and Microsoft 365 brands, so the messages carry the sending reputation of the QuickBooks domain while the content impersonates someone else.

In their emails, a fake invoice is sent, inviting the recipient to call if there are questions.

[Image: sample spoofed invoice email sent from a free QuickBooks account. Source: Avanan]
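The pattern described above has a recognizable shape on the wire: a message that really does come from a legitimate invoicing platform, but whose subject and body name a different brand and push the recipient toward a phone number. The following is an added illustration, not code from this post or from Avanan, of how a mail-filtering rule could score that combination. The platform domain (`quickbooks.example`), the brand keyword list and the two sample messages are constructed for the example and are not real senders or real lures.

```python
"""Heuristic scoring of "legitimate sender, spoofed brand, call-us lure" emails.

Added example, not code from the original post or from Avanan/KnowBe4.
The platform domain, brand list and sample messages are constructed.
"""
import re
from email import message_from_string
from email.message import Message

# Legitimate invoicing platforms whose free accounts can be used to send mail.
# Placeholder domain, not the platform's real sending domain.
TRUSTED_SENDING_PLATFORMS = {
    "quickbooks.example": "QuickBooks",
}

# Brands an invoice body might name that are NOT the platform it was sent from.
SPOOFED_BRANDS = ("norton", "microsoft 365", "microsoft", "office 365")

# "call/contact/reach ... <phone number>" within the same sentence.
CALLBACK_RE = re.compile(
    r"\b(call|contact|reach)\b[^.\n]{0,60}?(\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4})",
    re.I,
)
INVOICE_RE = re.compile(r"\b(invoice|renewal|subscription|charged|payment)\b", re.I)


def sender_domain(msg: Message) -> str:
    """Return the domain part of the From: header, lower-cased ("" if absent)."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def body_text(msg: Message) -> str:
    """Collect the text/plain content of a single-part or multipart message."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def analyze(raw: str) -> dict:
    """Score one raw RFC 822 message for the sender/brand mismatch + callback lure."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    platform = TRUSTED_SENDING_PLATFORMS.get(domain)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    lowered = text.lower()
    # Brands named in the message that do not match the platform it was sent from.
    mismatched = [b for b in SPOOFED_BRANDS
                  if b in lowered and (platform is None or platform.lower() not in b)]
    callback = CALLBACK_RE.search(text)
    invoice = bool(INVOICE_RE.search(text))
    # Only flag the specific pattern: trusted platform + foreign brand + phone lure + billing language.
    suspicious = platform is not None and bool(mismatched) and callback is not None and invoice
    return {
        "sender_domain": domain,
        "sending_platform": platform,
        "mismatched_brands": mismatched,
        "callback_number": callback.group(2) if callback else None,
        "invoice_language": invoice,
        "suspicious": suspicious,
    }


# Constructed sample: sent through the platform, body impersonates Norton, asks for a call.
LURE = """From: Norton Billing <notify@quickbooks.example>
Subject: Invoice 00123 - Norton 360 annual renewal
Content-Type: text/plain

Your Norton 360 subscription has been renewed and your card was charged $349.99.
If you did not authorize this, call 555-010-0199 within 24 hours.
"""

# Constructed sample: an ordinary invoice from a small business using the same platform.
LEGIT = """From: Acme Plumbing <invoices@quickbooks.example>
Subject: Invoice 4471 from Acme Plumbing
Content-Type: text/plain

Thanks for your business. Invoice 4471 for $120.00 is attached.
You can pay online through your QuickBooks account.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legit", LEGIT)):
        print(name, analyze(raw))
```

The rule deliberately requires all four signals together; any one of them alone (an invoice from a known platform, a phone number, a mention of Microsoft) is common in benign mail, and it is the combination of a trusted sending domain with a foreign brand and a callback lure that matches the campaign described here.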

Avanan researchers see this tactic as having two purposes:

  • The hackers get the phone number of the victim, which can potentially be used in future attacks likely using texting or WhatsApp communications.
  • The hackers get credit card information from the victims, which has obvious nefarious uses.

This attack demonstrates how anything that establishes credibility, even something as simple as a legitimate sending domain, can be used against unsuspecting users. Users need to stay vigilant when interacting with email, and messages that deliver something unexpected should be treated with suspicion. That vigilance is maintained through continual Security Awareness Training designed to educate users to see these kinds of impersonation attacks for what they really are, before they fall prey to them.

Topics: Phishing
