Email Security News Round-Up [November 2022]


Email security issues plague every single business because email is an easy point of failure for scammers and hackers to exploit. Your business is vulnerable to cyberattacks if you don’t take the necessary steps to secure your email domain and IT infrastructure. 

When it comes to cybersecurity, it seems the news headlines are never-ending, and this month was no different.

Keep reading for more on the latest cybersecurity and email security news.

We kick off our monthly email security news round-up with the story of a new and dangerous phishing campaign.

On November 17th, security experts at Armorblox reported a credential phishing attack targeting 22,000 students. The campaign exploited and impersonated the popular social media platform Instagram to trick students from national educational institutions.

The threat actors made the phishing email look like it originated from Instagram Support, with the sender’s name, Instagram handle, and email address all matching legitimate Instagram credentials. 

The email phishing campaign used social engineering tactics and a false sense of urgency indicating that the victim’s Insta account was breached. It included a malicious link that redirected users to a fake landing page with Instagram branding and details around the “unusual login attempt” detected, with a ‘This Wasn’t Me’ button.

Upon clicking the button, victims were then redirected to another fake landing web page to enter their sensitive account details. By doing so, they unknowingly handed over their credentials to the bad actors.

Surprisingly, this email attack bypassed native Microsoft email security controls and email authentication checks even though it was sent from the domain “instagramsupport.net”, whereas the official Instagram domain ends with “.com.”
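Email authentication checks validate the domain a message was sent from, not whether that domain belongs to the brand named in the message. The following detection sketch is an added example, not code from Armorblox or from this article; the brand allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: defender-maintained map of brand -> domains the brand really sends from.
BRAND_DOMAINS = {"instagram": {"instagram.com"}}

# Constructed sample modelled on the campaign above (not a captured message).
SAMPLE = """\
From: Instagram Support <security@instagramsupport.net>
To: student@university.example
Subject: Unusual login attempt
Authentication-Results: mx.university.example; spf=pass smtp.mailfrom=instagramsupport.net; dkim=pass header.d=instagramsupport.net; dmarc=pass header.from=instagramsupport.net

We detected an unusual login attempt on your account.
"""

def _norm(text):
    """Lowercase and drop separators so 'Insta-gram' style spacing does not hide a brand."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def is_brand_domain(domain, allowed):
    """True if domain is an allowed brand domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def auth_passed(msg):
    """True if the receiving server recorded a DMARC pass for this message."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "dmarc=pass" in results

def check_impersonation(raw):
    """Flag messages that name a brand but are sent from a domain the brand does not own."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        named = brand in _norm(display) or brand in _norm(domain)
        if named and not is_brand_domain(domain, allowed):
            # A DMARC pass here only proves the lookalike domain is correctly configured.
            findings.append({"brand": brand, "domain": domain,
                             "auth_passed": auth_passed(msg)})
    return findings

if __name__ == "__main__":
    print(check_impersonation(SAMPLE))
```

A finding with `auth_passed` set to true is the case described above: the message authenticates cleanly for a lookalike domain, so it needs a brand-ownership check rather than an authentication check to be caught.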

A China-based cybercriminal group has been exploiting the popularity and trust of famous international brands with a large-scale phishing campaign since 2019.

Banking, retail, travel, and energy have been among the industries that the threat actors exploit, with 42,000 imposter domains reportedly registered. Victims are tricked into spreading the campaign via WhatsApp with the promise of financial rewards or…
