Phishing Campaign Bypasses Existing Email Security

Abnormal Security, an email security vendor, has published a report on a newly discovered phishing campaign that uses a compromised account, a trusted email security system (such as Zix, an email security vendor with a primary focus on email encryption solutions), and multiple redirect links.

  • The email is crafted to create a sense of security and authenticity as the header and footer include a message that the email was sent securely using the Zix email encryption system.
  • When the link is clicked, the target is directed to the official Zix authentication web page, which appears to check the link.
  • Next, the user is redirected to an official Microsoft OneNote page. This page includes a link that, if clicked, redirects the target to a phishing page in an attempt to convince them to enter their credentials to view the document.
  • If credentials are entered, the threat actors will have access to the account and can commit further cyberattacks and/or compromise other accounts.
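
The chain described above (trusted encryption portal, then trusted notebook page, then a credential prompt on some other host) can be checked mechanically once a sandboxed link follower has recorded the hops. The following is an added example, not code from the Abnormal Security report; the host names, the trusted list and the `(url, has_password_field)` input format are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts this organisation treats as trusted. These are constructed
# stand-ins for the encryption portal and the notebook service in the report.
TRUSTED = ("secure-mail.example", "notes.example")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host):
    """True for a trusted host or a subdomain of one (match on a dot boundary)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED)


def assess_chain(hops):
    """Flag credential forms on untrusted hosts reached through trusted ones.

    hops: ordered list of (url, has_password_field) tuples recorded by a
    sandboxed link follower (hypothetical input format).
    """
    findings = []
    trusted_seen = []
    for url, has_password_field in hops:
        host = host_of(url)
        if is_trusted(host):
            trusted_seen.append(host)
        elif has_password_field and trusted_seen:
            # A password prompt off the trusted list, after trusted hops.
            findings.append({"credential_page": host,
                             "reached_via": list(trusted_seen)})
    return findings


# Constructed sample chains (not taken from the report).
SUSPICIOUS = [
    ("https://portal.secure-mail.example/check?id=1", True),
    ("https://notes.example/shared/doc", False),
    ("https://login.notes.example.unrelated.example/view", True),
]
BENIGN = [
    ("https://portal.secure-mail.example/check?id=2", True),
    ("https://notes.example/shared/minutes", False),
]

if __name__ == "__main__":
    print(assess_chain(SUSPICIOUS))
    print(assess_chain(BENIGN))
```

The last hop in the suspicious chain embeds a trusted name inside an unrelated host, which is why the trust check matches on a dot boundary at the end of the hostname rather than on a substring.
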
[Image: email screenshot. Image source: Abnormal Security]

Users are encouraged to educate themselves and others about these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links and opening attachments from unknown senders and to exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication before taking any action. Red flags may include:

  • The email contains poor spelling or grammar.
  • The request conveys a sense of urgency.
  • The email appears to have been sent via a mobile device.
  • The request references goods or services you are unfamiliar with.
  • The sender identifies themselves in a non-typical way, such as using full names or their first name when they go by their middle name.
  • The email is coming from an external source but the sender claims to be someone within your organization.
  • Unusual requests, such as a request from the CEO to have all employee W-2s sent to them via email or an invoice from a vendor for an abnormally large amount.

Consider Managed Security Services for your business needs. When phishing attacks succeed, they present many potential dangers, with profound effects on productivity, business reputation, and data, and can result in severe financial impact. If you do not have a proper data backup, disaster recovery strategy, and business continuity plan, a successful attack can even bring on a total loss of business.

