Switching methods and baits

Cofense’s researchers have also observed several other coordinated attacks employing a large array of techniques and baits to phish various types of targets. Just last week, they spotted a spear-phishing campaign circumventing a Microsoft email gateway with the help of documents shared via the Google Drive service and designed to target the staff of an energy industry company. In July, crooks were seen while switching from the malicious URLs they usually employ to WeTransfer notifications that helped them bypass email gateways developed by Microsoft, Symantec, and Proofpoint. A base HTML element was also used to conceal phishing landing page links from antispam solutions, a tactic that made it possible to evade Office 365 Advanced Threat Protection’s security checks and get their phishing emails into the inboxes of American Express customers. Yet another campaign employing fake eFax messages was detected in early July while infecting targets with a banking Trojan and RAT cocktail using malicious Microsoft Word document attachments. Cofense was also behind the disc behind the discovery of a phishing campaign that abused QR codes one month earlier, through which its operators redirected potential targets to landing pages while dodging security solutions and controls designed to stop such attacks in their tracks.