image credit: pixabay
A phishing campaign aimed at harvesting Office 365 account credentials is employing a variety of tricks to fool both email security sistems and recipients: the phishing emails come from a compromised enterprise account, through the secure email system Zix, to make recipients believe that the offered link isn’t malicious.
The phishing email
The phishing emails are sent from a compromised email account belonging to a real estate services provider (Authentic Title, LLC), and ostensibly contain a closing settlement counter offer. To view it, the recipients are asked to follow a link included in the email.
Comments are closed.
