Check Point Email Security | Blog

Lack of Trust: Pretending to be a Trusted Sender to Steal Credentials

Written by Jeremy Fuchs | June 11, 2021

Avanan researchers have discovered an attack that takes over the account of a trusted customer to send phishing emails.

The emails, missed by Barracuda, are sent by a trusted customer of a company. Making matters worse is that the hacker added a header that reads: "This sender is trusted." That allows the end-user to believe that the email can, in fact, be trusted, when, in fact, it cannot. Here's what the email looks like:

The email is fairly simple. It's just a large picture pretending to be a PDF. The picture, though, has an embedded phishing link that leads to a credential harvesting website.