Attack Trend

Fake password protected files.

By Michael Aminov, Founder & Chief Architect
October 16, 2018

Phishing via email has always been a core attack technique. Simply sending an email with a link to a deceptive website with a fake login is a favorite move. Recently, we have observed frequently utilized evolutions of this technique – where attackers leverage a fake login to trick the user into exposing his username and password by presenting fake files that require one to “login” in order to view the content of the file.

The attack involves sending an email with a legit looking document (either a PDF or Office file). The files don’t have any malicious content inside such as macros or exploits, and therefore easily bypass the most popular email security solutions.

When opening the file, the user will see some blurred content in the background and a claim that the file is protected by password or only available in the cloud. Therefore requiring the user to login to his account in order to view the content.

In the next image we can see an example of an email sent to one of our financial institution customers. As you see there’s a PDF attachment with a link inside leading to a fake Adobe login screen.

Here is a similar example with an Excel file:

These phishing attempts can be more effective than just sending a link inside an email. First, they easily bypass email security solutions that only scan URLs placed directly inside emails (for example Office 365 “safe links”). Second because it creates a call-to-action for the busy end user – the email is already in his inbox, he his seeing some blurry content that be believes he needs to access and all that’s left is to do a quick “login”.

The way Perception Point is able to identify this technique as malicious, and block it before it reaches the user, is thanks to our Recursive Unpacker, which “unpacks” several layers of files and links to identify embedded attacks, combined with our advanced Phishing engines.

To learn more about our solution,

Click Here

Share the joy
Stay a step ahead

Research & News.

Asset 5
Case Study

Case Study: Advanced Attack Analysis

Uri Ahronovich

Perception Point’s platform recently caught an advanced threat directed at one of our customers within a Microsoft Word file.

Asset 5
Article

Why Relays, AVs, & Sandboxes just aren’t enough anymore

By Jonathan Levy

Over the years organizations have implemented multi-layered approaches to protect their email, due to the fact that no single solution has provided sufficient results.

Asset 5
Research

Breaking CFI: Exploiting CVE-2015-5122 using COOP

By Oshri Sela & Shlomi Levin

In this series of posts we’re going to demonstrate how modern CFI implementations can be circumvented.

Show More
Contact Us

Schedule a trial today.

Yes, I would like to receive email communications from Perception Point. I understand I can unsubscribe at any time.