Phishing Attacks Dodge Email Security
GovInfoSecurity.com
Doug Olenick
A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, the security firm Cofense says in a new report.
The attack profile centers on using legitimate file-sharing websites and invoice-themed phishing attacks to steal credentials and spread malware, Aaron Higbee, CTO and co-founder of Cofense, tells Information Security Media Group in a video interview.
"What we're seeing more and more these days is attackers leveraging valid third-party file transfer sites and valid web hosting sites like Office 365 to not only send their phishing emails, but also...