A recent spear phishing campaign has been detected using quite an ingenious (if not very outdated) obfuscation technique. Morse code, which makes binary and textual data unreadable and/or hard to understand, is used to hide potentially threatening URLs in email attachments.
This particular phishing technique does not seem to have been documented in the past.
The phishing email fraudulently gives the impression that it is an invoice for the company to which it is sent, with email subjects such as ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’
This particular email includes an attachment in HTML format, named in such a way to make the victim believe that the attachment is an invoice for the company which needs to be paid. For example, ‘PhishingTackle_invoice_201._xlsx.hTML.’
The injection of these scripts within the HTML attachment provide necessary means to present a fake Excel spreadsheet, stating their Sign-in has timed out and requests the victim to enter their password again.
Once the victim enters their password, the attackers are able to harvest their credentials and gain access to their Office 365 account.
As seen by this campaign, phishing attacks are being more and more sophisticated each day.
Does everybody in your organisation have the necessary skill needed to spot and mitigate one of these intricate scams? Find out in our Free Click-Prone® Test today.