The emails feature interactive images designed to mimic legitimate messages.
An Image With a Link That Hooks You Without a Word
Interactive images are being used to evade traditional secure email gateways (SEGs) by mimicking legitimate messages and sources.
What is the attack?
The clickable link embedded in a picture leads to a PDF document stored on SharePoint.
Opening the document redirects the user to a phishing website imitating the Office 365 login page.
Why did it get through?
Legitimate Source: The email was sent from a legitimate business account and passed sender authentication checks.
Text-free: The interactive images contain links that lead to seemingly harmless PDF documents.
Legitimate Hosting: The PDF document was hosted on a credible SharePoint site, lending it an air of legitimacy and increasing the likelihood of user trust.
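An added example, not from the original page and not a description of any vendor's product: a Python check that flags an HTML email whose body is essentially one linked image pointing at a file-sharing host, the "text-free" plus "legitimate hosting" combination described above. The suffix list, the 40-character threshold, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: hosting suffixes and the "text-free" threshold; tune per environment.
FILE_SHARE_SUFFIXES = (".sharepoint.com",)
MAX_VISIBLE_CHARS = 40


class BodyScan(HTMLParser):
    """Counts visible text and records hrefs of links that wrap an <img>."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.image_links = []
        self._href = None  # href of the <a> currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href = attrs.get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

    def handle_data(self, data):
        self.text_chars += len(data.strip())


def is_image_only_lure(raw_email):
    """True if an HTML part has almost no text and an image linking to a file share."""
    msg = message_from_string(raw_email)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        scan = BodyScan()
        scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        hosts = [urlparse(h).hostname or "" for h in scan.image_links]
        if any(h.endswith(FILE_SHARE_SUFFIXES) for h in hosts) and scan.text_chars <= MAX_VISIBLE_CHARS:
            return True
    return False

# Constructed sample messages (not real traffic).
HDR = "From: a@example.com\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
LINK = '<a href="https://example.sharepoint.com/doc.pdf"><img src="cid:1"></a>'
LURE = HDR + "<html><body>" + LINK + "</body></html>"
NEWSLETTER = HDR + "<html><body><p>" + "Quarterly results and notes. " * 5 + "</p>" + LINK + "</body></html>"
```

Because the sender and the hosting site are both legitimate in this attack, a hit is best treated as one signal to weigh alongside sender history rather than as a verdict.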
What is required to solve for this attack?
Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
For defense in depth, this pairs well with the Threat Intelligence layer of the Cloud Email Platform (M365).