Plus, more news bytes of the week, including the resignation of Pete Buttigieg’s CISO, Ukraine asking the FBI for help investigating a cyberattack, and the data breach of an adult webcam network
Cybersecurity researchers have noticed a rise in several new phishing scam strategies in which attackers are successfully outsmarting current spam filters. One of these tactics is conversation-hijacking, a more involved method than simple spamming. It involves the attacker first compromising an existing email account at the target company. The attacker silently scans emails in the compromised inbox to gain intel, then poses as an employee via a compromised account to reach out to business contacts and try to get them to give up information or download malware. More about this type of scam on ZDNet.
Other new methods observed include hidden text insertion, keyword stuffing, and homograph tricks, as reported by Dark Reading. Hidden text insertion can be used to obfuscate alarm-triggering ruses, such as including a Microsoft logo in the spam message to make it appear authentic. Smart spam filters would scan that email and do a source check to ensure it originated at Microsoft, flagging it if it didn’t. By inserting hidden text within the logo, spam filters are confused by the image and usually let it go through. Another tactic is keyword stuffing, which hides text in the email, such as white font over a white background, which fools filters into recognizing the email as friendly correspondence. Yet another device is homograph use – replacing letters in email ..
Support the originator by clicking the read the rest link below.
