Phishers using Zix to “legitimize” emails in the eyes of Office 365 users
Help Net Security
A phishing campaign aimed at harvesting Office 365 account credentials is employing a variety of tricks to fool both email security systems and recipients: the phishing emails are sent from a compromised enterprise account and delivered through the secure email system Zix, to make recipients believe that the offered link isn’t malicious.
The phishing email
The phishing emails are sent from a compromised email account belonging to a real estate services provider (Authentic Title, LLC), and ostensibly contain a closing settlement counter offer. To view it, the recipients are asked to follow a link included in the email.
As the emails are sent via Zix, they sport a header and a footer proclaiming that “This message was sent securely using Zix” and...