    Embedded Email Attacks Are on the Rise and Aren’t Being Detected by Security Solutions

    This classic tactic is making a comeback. It is elegantly simple to execute, yet complex enough to keep email scanning solutions from seeing it as malicious.

    Malicious attachments are nothing new; there are countless examples of how threat actors embed malicious code, links, etc. into attachments as the delivery vehicle. Most email scanning solutions either scan attachments or “detonate” them in a virtual sandbox to see the behavior of the attachment once run.

    But an old method of embedding malicious content is making a comeback, according to security researchers at Avanan. This method places the malicious content into an .eml file (which is interpreted as an email and can contain plain ASCII text for the headers and the main message body, as well as hyperlinks and attachments), and then the .eml file is attached to the phishing email itself.

    The end result is that security solutions “overlook” the malicious content within the .eml file, leaving the threat actor with a viable mechanism to move the would-be victim towards performing the needed malicious action – be it clicking a link, opening a webpage, or providing credentials.
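
One way a mail filter can close this gap is to descend into every attached email and extract its links for the same reputation checks applied to the outer message. The sketch below is an added example, not code from Avanan or from this post; the function names, the depth limit and the sample message with its `example.invalid` URL are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_DEPTH = 5  # assumed limit so deeply nested emails cannot exhaust the scanner

def links_in_message(msg, depth=0):
    """Return (depth, url) pairs; depth counts how many emails deep the link sits."""
    found = []
    if depth > MAX_DEPTH:
        return found
    name = (msg.get_filename() or "").lower()
    if msg.is_multipart():
        # A message/rfc822 part wraps a whole email: one level deeper.
        step = 1 if msg.get_content_type() == "message/rfc822" else 0
        for part in msg.get_payload():
            found += links_in_message(part, depth + step)
    elif name.endswith(".eml"):
        # .eml sent as a generic attachment: re-parse its bytes as an email.
        inner = message_from_bytes(msg.get_payload(decode=True), policy=policy.default)
        found += links_in_message(inner, depth + 1)
    elif msg.get_content_maintype() == "text":
        found += [(depth, url) for url in URL_RE.findall(msg.get_content())]
    return found

def scan(raw_bytes):
    """Parse a raw email and list every link, including those in attached emails."""
    return links_in_message(message_from_bytes(raw_bytes, policy=policy.default))

def build_sample():
    """Constructed sample: a link-free outer email carrying two attached emails."""
    inner = EmailMessage()
    inner["Subject"] = "Shared document"
    inner.set_content('<a href="https://login.example.invalid/o365">View PDF</a>',
                      subtype="html")
    outer = EmailMessage()
    outer["Subject"] = "FW: see attached"
    outer.set_content("Please review the attached message.")
    outer.add_attachment(inner, filename="message.eml")  # becomes message/rfc822
    outer.add_attachment(inner.as_bytes(), maintype="application",
                         subtype="octet-stream", filename="copy.eml")
    return outer.as_bytes()

if __name__ == "__main__":
    for depth, url in scan(build_sample()):
        print(f"depth={depth} {url}")
```

A scan limited to depth 0 finds no links in this sample; both hits come from the attached emails, whether the attachment is typed as `message/rfc822` or only named `.eml`.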

    In the case of the example provided by Avanan, the .eml file points the victim to a supposed PDF file using Office 365 branding to establish legitimacy. Upon clicking the link to see the bogus PDF, an impersonated Office 365 logon screen is provided to capture the user’s credentials.

    The .eml angle is pretty dangerous. It’s not often that we as business professionals send an email as an attachment to another email, but it does happen, making it not completely inappropriate for a user to see this kind of email in the wild.

    Users need to be educated on these kinds of tactics and to maintain a sense of vigilance with Security Awareness Training so that they treat emails like these – that seem just a bit out of the ordinary – as suspicious from the start, helping to minimize the risk that they fall for the scam.

