Email threats continue to adapt and become more sophisticated. Recently, there has been a significant surge in three specific types of email-based attacks: toxic calendar invites, ShareFile phishing, and voicemail-based phishing attempts. Understanding these threats is crucial for protecting yourself and your organization.
Toxic Calendar Invites
One of the latest tactics employed by cybercriminals involves the use of toxic calendar invites. These malicious invites are sent via email and appear as legitimate calendar events. Once the recipient accepts the invite, it often contains a link to a phishing site. These sites are designed to steal sensitive information, such as login credentials. The invites are universally compatible across platforms like Outlook, Google Calendar, and Apple Calendar, making them particularly dangerous.
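To make the invite contents visible before anyone accepts them, a mail-triage step can pull the organizer and every link out of the calendar attachment. The following is an added example, not code from Barracuda or the original article; the sample message, its placeholder domains and the helper name `triage_invite` are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample invite (not real campaign data); all domains are placeholders.
SAMPLE = """\
From: "HR Team" <hr@example.test>
Subject: Invitation: Benefits review
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=HR Team:mailto:notify@mailer.example.invalid
SUMMARY:Benefits review
DESCRIPTION:Sign in to confirm: https://login.example.invalid/o365/ver
 ify?id=1
LOCATION:https://meet.example.invalid/join
END:VEVENT
END:VCALENDAR
"""

# NAME[;params]:value, allowing quoted parameter values that contain ':'
PROP = re.compile(r'^([A-Za-z0-9-]+)(?:;(?:"[^"]*"|[^":])*)?:(.*)$')
URL = re.compile(r'https?://[^\s<>"\\]+')

def triage_invite(raw: str) -> dict:
    """Report organizer and links in every text/calendar part (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    report = {"from": sender, "organizer": None, "urls": []}
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        # RFC 5545 folds long lines as newline + one space/tab; unfold first,
        # otherwise a URL split across two lines is missed or truncated.
        ics = re.sub(r"\r?\n[ \t]", "", part.get_content())
        for line in ics.splitlines():
            m = PROP.match(line)
            if not m:
                continue
            name, value = m.group(1).upper(), m.group(2)
            if name == "ORGANIZER":
                report["organizer"] = re.sub(r"(?i)^mailto:", "", value).lower()
            report["urls"] += [u for u in URL.findall(value) if u not in report["urls"]]
    org = report["organizer"] or ""
    # Flag invites whose organizer domain differs from the visible From domain.
    report["organizer_mismatch"] = bool(org) and org.rpartition("@")[2] != sender.rpartition("@")[2]
    return report

if __name__ == "__main__":
    print(triage_invite(SAMPLE))
```

An organizer mismatch is a triage signal rather than a verdict, since legitimate scheduling services also send invites on behalf of users; the extracted URLs are what a reviewer or URL-reputation check should look at next.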
ShareFile Phishing
Another emerging threat is the misuse of Citrix’s ShareFile for phishing attacks. Cybercriminals are leveraging phishing kits like Tycoon 2FA and Mamba 2FA to create fake login pages hosted on ShareFile. These phishing kits target Microsoft 365 users and can intercept one-time passcodes, effectively bypassing multi-factor authentication (MFA). By using trusted platforms like ShareFile, these phishing emails easily evade detection and deceive recipients into providing their credentials.
Voicemail-Based Phishing
Voicemail-based phishing, also known as vishing, has seen a resurgence after several months of decline. In these attacks, cybercriminals send fake voicemail alerts via email, prompting recipients to click on a link to listen to the voicemail. These links often lead to malicious forms hosted on platforms like Monday.com and Zoho, incorporating LinkedIn redirect URLs to appear more authentic. The emails typically create a sense of urgency or use vague threats to prompt user action.
Staying Vigilant
With phishing tactics becoming increasingly sophisticated, it is essential to stay vigilant and adopt a multi-layered approach to email security. Here are some best practices to protect yourself and your organization:
- Verify Calendar Invites: Always verify the sender and the content of calendar invites before accepting them.
- Be Cautious with Links: Avoid clicking on links in unsolicited emails, especially those that create a sense of urgency.
- Enable Multi-Factor Authentication: While MFA is not foolproof, it adds an extra layer of security.
- Educate and Train Employees: Regularly train employees to recognize phishing attempts and other email-based threats.
By staying informed and adopting these best practices, you can significantly reduce the risk of falling victim to these recent email threats.
Source: Barracuda