Use Case: Credential Phishing

Discover how Abnormal protects your users from phishing links that aim to steal account credentials.
Use Case: Credential Phishing

Watch the video to see a real credential phishing attack detected by Abnormal.

Video Transcript

Abnormal can identify and block phishing attacks that use malicious links or attachments to steal credentials. Credential phishing attacks are extremely common, but at the same time, they can be hard to detect.

This is a perfect example of a credential phishing attack. An individual posing as a known entity emailed the recipient, claiming they missed a meeting. To make it easier, the recipient can click on the link provided to access a meeting recording. While this looks like an email from a legitimate account, if we take a closer look, we can see that the actual sender originates from a different domain.

This email contains what appears to be a Zoom link, but the display text was modified to hide the actual link. This link will send the user to this unknown domain, where they will be prompted to enter their credentials to access the meeting recording.

So how was Abnormal able to detect this type of attack?

The solution can identify the topic, tone, and more from email content. For this particular message, we understand that the email is trying to engage with the user, but we have rarely ever seen this sender before. Attackers are also using a common attack technique called, ZeroFont. This method involves the use of HTML to reduce the font size of certain words to 0, rendering these invisible to the user, but not to traditional security solutions, which will read a seemingly random string of characters that bypass security filters.

Because Abnormal understands every communication within and between your organization, it identified an unusual geolocation for this particular domain, and the recipient has never received email messages from this location.

And last, as noted before, a combination of factors, like the modified display text and unusual domain, caused the solution to flag the link as suspicious. Using these and other signals, the solution concluded that this message was malicious and automatically remediated, eliminating the possibility of engagement by the recipient.

Discover more about how Abnormal detects and blocks credential phishing attacks by requesting your personalized demo today.

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email and collaboration application attacks with Abnormal.
See a Demo

Related Resources