What’s more dangerous than a phishing attack that uses a social engineering tactic to get you to click? How about a phishing attack that uses a combination of TWO social engineering tactics to get you to click? And that’s exactly what was detected this week according to InfoSecurity Magazine.
In this case, the two social engineering tactics are phishers hiding COVID-19 malware in both CVs (curriculum vitae or resumes) AND medical leave forms. According to the article, “Cyber-criminals are taking advantage of the evolving jobs market and employee health situation under COVID-19 to disguise malware in various emailed documents. The phishing campaigns spotted center around spoofed CVs and medical leave forms.”
From Tech Times, “Checkpoint reported that the hackers are sending files with names like COVID-19 FLMA CENTER.doc using emails with subjects such as ‘the following is a new Employee Request Form for leave within the FMLA’.”
These types of attacks, which incorporate a malicious document, are more difficult to detect than standard phishing attacks which use a malicious link embedded in the email and link to a phishing website. In this case, “the payload is info-stealing banking Trojans like Icedid or Trickbot. Different sender domains are used to try and trick email filters.”
The reason these types of phishing attacks are more difficult to detect is because many of the anti-phishing products on the market today ONLY look for malicious embedded links and expect some other security tool to detect malicious attachments. But, that’s not true for Phishing Protection from DuoCircle.
Phishing Protection from DuoCircle is cloud-based email security with real-time link click protection AND malicious attachment blocking. Not only does it detect both types of phishing attacks, but because it’s cloud-based, it blocks dangerous emails altogether. That means phishing emails never even make it into your inbox. Now that’s how you protect yourself from phishing attacks. You certainly can’t click on something you never see.
Since Phishing Protection is cloud-based, there’s no hardware to buy, no software to buy and nothing to configure. It also means that you don’t have to give up your email service provider to use it. Phishing Protection works seamlessly with all major email providers. And Phishing Protection takes about 10 minutes set up and only costs pennies per user per month.
For a limited time, you can try Phishing Protection for free for 60 days. No credit card required. Get it before hackers find a new social engineering tactic to trick you into clicking.