Attack Trend

Phishing links moving to email attachments.

By Michael Aminov, Founder & Chief Architect
19 March, 2018

Our last attack trend blog focused on n-days and zero-days. However, this time I will discuss an evolved “everyday” attack we’ve seen recently – phishing links inside files. This type of attack doesn’t require advanced hacking skills as an attacker simply sends an email trying to trick the employee into willingly submitting his username & password to a shady website that looks like a legit, well-known website.

Typically those phishing links are sent directly inside the email body, but we’re starting to observe a trend in our customers – attackers embed their phishing links inside an email attachment instead of the email body. This way they are able to avoid traditional cyber security solutions that scan all links inside the email body. This trick will also bypass an organization that is using url-rewrite solutions.

Here’s an example of an excel document our engine caught, it looks like a “locked” file and there’s a big link in the center:

phishing excel demo

When clicking on the link, a web page pretends to be “Excel online” and ask for user credentials in order to view the file:

excel online

This file is still reported clean on VirusTotal:

VirusTotal example

Clearly there is a gap between what major solutions see and this everyday approach utilized by hackers.

What should I do?

First, confirm your email protection technology is able to detect such files before they reach the user and second, ensure your users are warned of such techniques in case they break through.

Share the joy
Stay a step ahead

Research & News.

Asset 5
Research

Breaking CFI: Exploiting CVE-2015-5122 using COOP

By Oshri Sela & Shlomi Levin

In this series of posts we’re going to demonstrate how modern CFI implementations can be circumvented.

Asset 5
Case Study

Case Study: The evolution of a recent attack campaign

By Perception Point Research

How hackers can make variations within one campaign - as seen in a recent customer attack we blocked.

Asset 5
Article

Attack Trend: Phishing links moving to email attachments

By Michael Aminov, Founder & CA

Typically phishing links are sent directly inside the email body, but now attackers are embedding their phishing links inside an email attachment instead.

Show More
Contact Us

Schedule a trial today.

Yes, I would like to receive email communications from Perception Point. I understand I can unsubscribe at any time.