Low-Grade Ways of Bypassing Email Scanners

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure carried a file titled "Remittance Advice" instead of "invoice": so many phishing emails contain the word "invoice" that filters widely treat it as a term that flags a message as suspicious. Avanan says the substitution was effective in fooling technical defenses in this case.

“Because of the rise of invoice related phishing emails, many security vendors have resorted to treating emails with the word ‘invoice’ in the subject/body/attachment(s) with higher scrutiny and this has led to attackers beginning to use synonyms to get their targets to load email attachments,” Avanan says. “This email, missed by ATP, uses ‘advice’ instead of invoice to get through to the inbox.”

The full email stated, "Hello Accounts, Please find attached your remittance advice for payment. If you have any questions, please let us know." It's not very fluent, and the idiomatic control is poor, but from the attacker's point of view it has one merit: it contains no term likely to be screened out.

The researchers note that the "file" in this email was not an attachment at all, but a hyperlinked image designed to look like a PDF attachment. A recipient who clicked it expecting to open the attachment was instead sent to a credential-harvesting phishing site.

“The attacker used obfuscation attempts by sending a PNG file above the body of the email that had a malicious website as the hyperlink,” Avanan writes. “This was particularly clever because the PNG image resembled an Outlook PDF attachment. Naturally, the victim will recognize that because they have seen thousands of PDF attachments sent to them via Outlook before and therefore they will not hesitate to click on the image as an attempt to download the attachment only to be redirected to a malicious website for a credential harvesting attack.”
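Both tricks in this report, a synonym in place of a filtered keyword and a linked image dressed up as an attachment, are visible in the raw message. The Python below is an illustration added here, not code from Avanan or KnowBe4. It parses a constructed sample message (the sender, hosts and synonym list are all made up for the example) and flags three things: invoice-family wording matched against a small synonym list, so that the substitution itself becomes the signal rather than the single word "invoice"; an inline image whose name or alt text looks like a document but whose link leaves for an external host; and a body that says "attached" when the message carries no attachment part at all.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the message from the Avanan report): an HTML body with
# a PNG "attachment" wrapped in a link to an external host, plus the inline PNG.
SAMPLE_EML = b"""From: accounts@vendor.example.invalid
To: accounts@target.example.invalid
Subject: Remittance Advice
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="https://login-verify.example.invalid/auth"><img src="cid:pdficon" alt="Remittance_Advice.pdf"></a>
<p>Hello Accounts, Please find attached your remittance advice for payment.
If you have any questions, please let us know.</p>
</body></html>
--b1
Content-Type: image/png; name="pdficon.png"
Content-Disposition: inline; filename="pdficon.png"
Content-ID: <pdficon>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

# Hypothetical synonym family: the word filters key on, plus the swaps an
# attacker reaches for when "invoice" itself draws scrutiny.
INVOICE_TERMS = ("invoice", "remittance advice", "payment advice",
                 "purchase order", "receipt")


class LinkedImageFinder(HTMLParser):
    """Collect (href, img src, img alt) for every <img> nested inside an <a>."""

    def __init__(self):
        super().__init__()
        self.current_href = None
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.current_href = a.get("href")
        elif tag == "img" and self.current_href:
            self.hits.append((self.current_href, a.get("src", ""), a.get("alt", "")))

    def handle_endtag(self, tag):
        if tag == "a":
            self.current_href = None


def find_linked_images(html):
    parser = LinkedImageFinder()
    parser.feed(html)
    return parser.hits


def attachment_lookalike(href, src, alt):
    """Image named like a document, but clicking it leaves for a web host."""
    hint = (src + " " + alt).lower()
    looks_like_doc = any(k in hint for k in (".pdf", ".doc", "attachment"))
    return looks_like_doc and bool(urlparse(href).netloc)


def invoice_terms_present(text):
    t = text.lower()
    return sorted(term for term in INVOICE_TERMS
                  if re.search(r"\b" + re.escape(term) + r"\b", t))


def analyze(raw_bytes):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    text_blob = str(msg["subject"] or "")
    linked, real_attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():            # Content-Disposition: attachment
            real_attachments.append(part.get_filename() or part.get_content_type())
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()
            text_blob += " " + html
            linked.extend(find_linked_images(html))
        elif ctype == "text/plain":
            text_blob += " " + part.get_content()

    findings = []
    terms = invoice_terms_present(text_blob)
    if terms:
        findings.append("invoice-family wording: " + ", ".join(terms))
    for href, src, alt in linked:
        if attachment_lookalike(href, src, alt):
            findings.append(f"image styled as attachment {alt or src!r} links to "
                            f"{urlparse(href).netloc}")
    if re.search(r"\battach", text_blob.lower()) and not real_attachments:
        findings.append("body refers to an attachment but message carries none")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print("-", finding)
```

The third check is the cheapest and the most robust of the three: a message that says "please find attached" while carrying no attachment part is wrong regardless of which synonym the attacker chose or how convincing the icon is. A synonym list will always lag the attacker's vocabulary, so treat the wording check as a scoring signal and the structural mismatch as the stronger one.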

Criminals are constantly evolving their tactics to stay ahead of security technology. New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to identify red flags associated with social engineering.

Avanan has the story.

Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!

Get Your Free Report
