Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Low-Grade Ways of Bypassing Email Scanners

    iStock-1282799241Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained a malicious file titled, “Remittance Advice,” instead of “invoice,” since many phishing emails contain the word “invoice,” and “invoice” is widely recognized as a word that flags a message as suspicious. Avanan says this technique was effective in fooling technical defenses in this case.

    “Because of the rise of invoice related phishing emails, many security vendors have resorted to treating emails with the word ‘invoice’ in the subject/body/attachment(s) with higher scrutiny and this has led to attackers beginning to use synonyms to get their targets to load email attachments,” Avanan says. “This email, missed by ATP, uses ‘advice’ instead of invoice to get through to the inbox.”

    The full email stated, “Hello Accounts, Please find attached your remittance advice for payment. If you have any questions, please let us know.” It’s not very fluent, and the idiomatic control is poor, but at least it doesn’t contain a term likely to be screened out.

    The researchers note that the file in this email was actually a hyperlinked image designed to look like a PDF attachment. If the recipient tried to open the attachment, they would be sent to a phishing site.

    “The attacker used obfuscation attempts by sending a PNG file above the body of the email that had a malicious website as the hyperlink,” Avanan writes. “This was particularly clever because the PNG image resembled an Outlook PDF attachment. Naturally, the victim will recognize that because they have seen thousands of PDF attachments sent to them via Outlook before and therefore they will not hesitate to click on the image as an attempt to download the attachment only to be redirected to a malicious website for a credential harvesting attack.”

    Criminals are constantly evolving their tactics to stay ahead of security technology. New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to identify red flags associated with social engineering.

    Avanan has the story.

     

    Return To KnowBe4 Security Blog

    Find out which of your users' emails are exposed before bad actors do.

    Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

    EECPro-1Here's how it works:

    • The first stage does deep web searches to find any publicly available organizational data
    • The second stage finds any users that have had their account information exposed in any of several thousand breaches
    • You will get a summary report PDF as well as a link to the full detailed report
    • Results in minutes!

    Get Your Free Report

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/email-exposure-check/

    Topics: Social Engineering, Phishing, Email Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews