A Microsoft building in Europe. (efes, CC0, via Wikimedia Commons)
A recently discovered phishing scam that convincingly impersonates the Microsoft Windows logo with an HTML table serves as a new reminder of how social engineers can abuse various elements in emails to fool both human recipients and certain security solutions.
The scheme first began to emerge late last year into January and involves using a table to build a 2×2 grid of cells, and then filling them in with colors to make the table look just like the iconic Windows logo. The presence of this fraudulent, yet authentic-looking logo lends extra credibility to phishing emails, and according to Inky they can fool some standard Secure Email Gateways that tend to overlook the presence of tables as a suspicious element.
“This new tactic most likely originated in a single phishing kit and is now adopted in multiple kits,” said Bukar Alibe, cyber security analyst at Inky.
Jeremy Ventura, senior security engineer at Mimecast, called the new phenomenon “a modern form of brand impersonation” that is missed by traditional solutions because “they aren’t developed to look for more sophisticated techniques.”
While this specific scam may be new, ..
Support the originator by clicking the read the rest link below.
