A new phishing campaign highlights the need for modern email security approaches in combatting account takeover and credential theft.
Launched in July and still active as of this writing, the advanced phishing campaign probed email inboxes and scraped the targets’ company-branded Microsoft Office 365 login pages to produce realistic credential harvesting pages. Once unsuspecting users logged in, attackers could steal their account credentials.
Clearly, traditional email security approaches like signature-based detection, advanced behavioral runtime-based technologies, static protocols and blacklists are no match for increasingly sophisticated attacks like these. You can’t simply scan the HTML code behind a web page or email attachment to detect these kinds of malicious emails and websites.
Automated scraping of Office 365 login pages
Attackers used an automated email check for each target against a list of validated email addresses. Once validated, attackers scraped their targets’ company login pages, including custom backgrounds and banner logos, then inserted them into the phishing campaign landing page.
The cybercriminals hosted phishing landing pages on Microsoft cloud storage solutions, making them even more convincing to end users because they were signed with a Microsoft SSL certificate. That’s especially concerning because many end users cannot distinguish a fake login page from a real one – let alone one with an SSL certificate.
So, if traditional email security methods aren’t good enough anymore to protect your enterprise, what’s the answer?
CISOs should consider deploying smarter email security platforms that provide new layers of threat detection and intelligence against malicious emails and websites that “look so real.”
Using AI-Based Computer Vision to Spot Malicious URLs
Attackers do their best not to vary much from the look and feel of Office 365, as the visual representation is critical to getting end users to believe they are logging into the software.
Today, advanced anti-phishing protection requires more than simply inspecting inbound links and attachments. It requires advanced deep learning algorithms and computer vision to detect in real-time visual deviations and determine whether or not a login page is legitimate.
Anti-phishing solutions like the IRONSCALES advanced phishing threat protection platform can automatically detect visual deviations and warn end users and SOC teams about potentially dangerous websites. Using artificial intelligence-based computer vision and neural network technology, the IRONSCALES platform can identify and block fake login pages in real-time that traditional email security approaches are simply unable to detect.
Download our eBook, The Seven Essentials of a Modern Email Security Platform, to learn how to shrink the time for detecting a phishing attack from hours or even days down to just seconds.