Phishing scam targeting 75K executives and employees with spoofed email
Posted by: GuidePoint Security
Published 10/06/21, 9:00am
The inboxes of 75,000 executives and employees in state and local government, education, financial services, healthcare, and energy are being targeted with a phishing campaign spoofing the Zix encrypted email service. The phishing emails are reportedly able to bypass security and anti-spam measures across Office 365, Exchange, Cisco ESA, and Google Workspace, as well as other email applications. If the malicious link in the emails is clicked, an HTML file called “securemessage” is installed on the victim’s system. Researchers are still investigating the purpose of the HTML file.
The industry researchers who discovered the scam speculate that the spoofed emails are able to bypass security and spam controls due to the threat actors’ use of legitimate domains to send the emails.
Researchers also reported that the threat actors are not targeting large groups of employees from one department, but are instead spreading the email distribution across departments, executives, and employees. Techniques used included social engineering, brand impersonation, replicating existing workflows, drive-by downloads, and exploiting a legitimate domain.
Next Steps
Security experts at GuidePoint Security advise businesses to apply advanced email security services and regularly train employees on how to spot social engineering. Businesses are also strongly advised to employ credential management best practices, such as multi-factor authentication (MFA).