Phishing Attack Update: How Cybercriminals Can Bypass Email Scanners to Attack Your Business
Created at September 22, 2021
Email scanners are an important piece of technology used to automatically detect and reroute potential threats (like a phishing attack) that attempt to infiltrate your inbox from unknown and/or suspicious sources. If you’ve ever had to “check your spam folder or quarantine” after a trusted source has sent you a message, that’s an example of an email scanner doing its job… and doing it well!
But cybercriminals are always working to stay one step ahead of the measures put between them and their goal, and your trusted email scanners are no exception.
You don’t want to fall victim to a phishing attack that looks like it belongs with the other meeting invites, newsletters, and company updates in your inbox. So, if a cybercriminal does end up making it past your email’s security protocols, here are a few things to be wary of.
Cybercriminals might replace words commonly found in phishing emails (such as “invoice”) with synonyms to bypass filters that are set to be on the lookout for those keywords.
A dark web tool, “Email Appender,” gives any cybercriminal with a set of compromised email account credentials the ability to place a malicious email directly into that victim’s inbox, bypassing any mail scanners, virtual sandboxes, and other security solutions.
Brand exploitation is a method most phishing attacks use to weasel their way into an unsuspecting person’s email account. By posing as a trusted business or financial institution, cybercriminals can deceive email scanners into letting through an email that looks just like the ones the recipient gets every day from the real source. Read more about this type of phishing here.
Sometimes, a cybercriminal might even put the recipient’s email address in the subject line of the phishing attack.
Vendor email compromise (VEC) and business email compromise (BEC) are also ways cybercriminals have attempted to sidestep email security. Much like brand exploitation, a phishing attack like this is meant to look like it’s coming from people that you trust, whether they be internal employees or authorized, frequently-interacted-with vendors. This Blue Layer blog digs deeper.
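As an added example (not from the original post or from Blue Layer), the Python sketch below looks at two of the points above from the defender's side: a filter that matches one literal keyword misses a synonym, and a check for the recipient's own address in the subject line only works once the header has been decoded. The synonym list, function names, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses

# Constructed synonym group (assumption); maintain your own list in practice.
INVOICE_TERMS = {"invoice", "bill", "remittance", "receipt", "statement"}

def subject_of(msg):
    # Decode RFC 2047 encoded-words so checks see the text the user sees.
    return str(make_header(decode_header(msg.get("Subject", "")))).lower()

def recipients_of(msg):
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def check(raw):
    msg = message_from_string(raw)
    subject = subject_of(msg)
    words = set(re.findall(r"[a-z]+", subject))
    return {
        # Filter that looks for one literal keyword only.
        "naive_keyword": "invoice" in subject,
        # Filter that treats the whole synonym group as one concept.
        "synonym_group": bool(words & INVOICE_TERMS),
        # Recipient's own address appearing in the subject line.
        "recipient_in_subject": any(a in subject for a in recipients_of(msg)),
    }

def sample(subject):
    # Constructed message; addresses use reserved example domains.
    return ("From: billing@vendor.example\nTo: Pat <pat@example.com>\n"
            f"Subject: {subject}\n\nPlease see the attachment.\n")

KEYWORD = sample("Invoice 1042 attached")
SYNONYM = sample("Remittance advice attached")
ADDRESSED = sample("=?utf-8?q?Action_required_for_pat=40example.com?=")
BENIGN = sample("Team lunch on Friday")

if __name__ == "__main__":
    for name, raw in [("keyword", KEYWORD), ("synonym", SYNONYM),
                      ("addressed", ADDRESSED), ("benign", BENIGN)]:
        print(name, check(raw))
```

These checks are heuristics suited to raising a message's score or routing it for review, not verdicts on their own.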
Simply put, a phishing attack is designed to trick. And sometimes, even the sophisticated technology designed to resist these tricks falls for them, too. When the technology fails, it’s on the user to ensure that the cybercriminal’s last intended step is not followed through. The only way to guarantee that involves a combination of the most effective cybersecurity technology and modern cybersecurity awareness training for those who interact with it. We can help with both. Click here to learn how Blue Layer can protect your business and your employees.