Phishing Campaign Uses Overlay Tactic for Employee Credential Theft
A recently discovered phishing campaign is relying on message quarantine emails for employee credential theft, through an overlay tactic that uses the homepage of the targeted company to disguise the malicious nature of the emails, according to new research from Cofense.
Identified by the Cofense Phishing Defense Center, the campaign relies heavily upon message quarantine phishing: emails that imitate the technical support team of the targeted employer, by making the messages appear sent from the company’s email service.
The messages will claim that several emails failed to properly process, which has blocked them from entering the inbox and will need to be reviewed by the employee in order to confirm the emails are valid. To evoke urgency, the messages will...