Low-Grade Ways of Bypassing Email Scanners

Stu Sjouwerman | May 24, 2021

iStock-1282799241Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained a malicious file titled, “Remittance Advice,” instead of “invoice,” since many phishing emails contain the word “invoice,” and “invoice” is widely recognized as a word that flags a message as suspicious. Avanan says this technique was effective in fooling technical defenses in this case.

“Because of the rise of invoice related phishing emails, many security vendors have resorted to treating emails with the word ‘invoice’ in the subject/body/attachment(s) with higher scrutiny and this has led to attackers beginning to use synonyms to get their targets to load email attachments,” Avanan says. “This email, missed by ATP, uses ‘advice’ instead of invoice to get through to the inbox.”

The full email stated, “Hello Accounts, Please find attached your remittance advice for payment. If you have any questions, please let us know.” It’s not very fluent, and the idiomatic control is poor, but at least it doesn’t contain a term likely to be screened out.

The researchers note that the file in this email was actually a hyperlinked image designed to look like a PDF attachment. If the recipient tried to open the attachment, they would be sent to a phishing site.

“The attacker used obfuscation attempts by sending a PNG file above the body of the email that had a malicious website as the hyperlink,” Avanan writes. “This was particularly clever because the PNG image resembled an Outlook PDF attachment. Naturally, the victim will recognize that because they have seen thousands of PDF attachments sent to them via Outlook before and therefore they will not hesitate to click on the image as an attempt to download the attachment only to be redirected to a malicious website for a credential harvesting attack.”

Criminals are constantly evolving their tactics to stay ahead of security technology. New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to identify red flags associated with social engineering.

Avanan has the story.

Discover Your Organization’s Exposed Email Attack Surface

Cybercriminals constantly scan the deep web and thousands of breach databases to find exposed employee identities, credentials, and passwords to launch targeted social engineering attacks. Run our free Email Exposure Check Pro (EEC) to safely uncover your at-risk users and see what your organizational structure looks like to an attacker before they exploit it.

Get Your Free Email Exposure Report

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.