Best antivirus apps in 2022Best password managers in 2022Best phone deals in 2022
After confirming users “are not a robot,” the info stealer malware can be installed, which steals sensitive information stored in the victim’s browser. According to the report, the email sender’s domain comes from “mailman.cbddmo.ru.” This is linked to a “Center For Road Safety of the Moscow Region” page. The hackers may have used an old version of the domain to bypass email authentication checks. The email phishing campaign targeted organizations across healthcare, education, and retail sectors, attacking around 27,660 customers across Office 365 and Google Workspace. The threat actors used multiple techniques to sneak past security, such as exploiting a legitimate domain, brand impersonation, and social engineering. “The context for the email attack replicates workflows that already exist in our daily work lives (getting email notifications of a voicemail),” said Armorblox’s Lauryn Cash. “When we see emails we’ve already seen before, our brains tend to employ System 1 thinking and take quick action. The email content even had every victim’s first name filled in to increase the feeling of legitimacy and the chances of follow-through.” Despite Microsoft’s and Google’s security measures, it’s a good idea to keep an eye on suspicious emails. WhatsApp never sends notification emails, which is already a red flag in this phishing attempt. To prevent these attacks from happening or stop threat actors in their track, using multi-factor authentication, the best password managers, and the best antivirus apps will boost your security while online. Speaking of which, six ‘antivirus’ apps were caught spreading malware that steals banking info and you can check out the culprits.
