Phishers using Zix to “legitimize” emails in the eyes of Office 365 users

Help Net Security

Zeljka Zorz

A phishing campaign aimed at harvesting Office 365 account credentials is employing a variety of tricks to fool both email security systems and recipients: the phishing emails come from a compromised enterprise account, through the secure email system Zix, to make recipients believe that the offered link isn’t malicious.

The phishing email
The phishing emails are sent from a compromised email account belonging to a real estate services provider (Authentic Title, LLC), and ostensibly contain a closing settlement counter offer. To view it, the recipients are asked to follow a link included in the email.

As the emails are sent via Zix, they sport a header and a footer proclaiming that “This message was sent securely using Zix” and...
