Email Security News Round-Up [November 2022]

    Email security issues plague every single business because email is an easy point of failure for scammers and hackers to exploit. Your business is vulnerable to cyberattacks if you don’t take the necessary steps to secure your email domain and IT infrastructure.

    When it comes to cybersecurity, it seems the news headlines are never-ending, and this month was no different.

    Keep reading for more on the latest cybersecurity and email security news.

    Phishing Email Campaign Targets 22,000 Students

    We kick off our monthly email security news round-up with the story of a new and dangerous phishing campaign.

    On November 17th, security experts at Armorblox reported a credential phishing attack targeting 22,000 students. The campaign exploited and impersonated the popular social media platform Instagram to trick students from national educational institutions.

    The threat actors made the phishing email look as though it originated from Instagram Support, with the sender’s name, Instagram handle, and email address all matching legitimate Instagram credentials.

    The email phishing campaign used social engineering tactics and a false sense of urgency, indicating that the victim’s Instagram account had been breached. It included a malicious link that redirected users to a fake landing page with Instagram branding and details about the “unusual login attempt” detected, with a ‘This Wasn’t Me’ button.

    Upon clicking the button, victims were then redirected to another fake landing web page to enter their sensitive account details. By doing so, they unknowingly handed over their credentials to the bad actors.

    Surprisingly, this email attack bypassed native Microsoft email security controls and email authentication checks while using the domain “instagramsupport.net,” even though the official Instagram domain ends with “.com.”
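
    The gap described above, as an added example that is not part of the original article: SPF, DKIM and DMARC authenticate the sending domain, not the brand, so a lookalike domain can pass them. The check below flags mail that uses a brand keyword from a domain outside that brand's allowlist; the allowlist, the sample message and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains the brand really sends from.
BRAND_DOMAINS = {"instagram": {"instagram.com", "mail.instagram.com"}}

# Constructed sample modelled on the campaign described above; the local
# part, recipient and Authentication-Results values are illustrative.
SAMPLE = """\
From: Instagram Support <security@instagramsupport.net>
To: student@university.example
Subject: Unusual login attempt
Authentication-Results: mx.example; spf=pass smtp.mailfrom=instagramsupport.net;
 dkim=pass header.d=instagramsupport.net; dmarc=pass header.from=instagramsupport.net

We detected an unusual login attempt.
"""

def auth_passed(msg):
    """True if the receiving server recorded dmarc=pass for the message."""
    results = " ".join(msg.get_all("Authentication-Results", []))
    return "dmarc=pass" in results.lower()

def impersonated_brand(msg):
    """Return the brand a sender imitates without owning its domain, else None."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    haystack = (display + " " + domain).lower()
    for brand, legit in BRAND_DOMAINS.items():
        # Exact match or a subdomain of an allowlisted domain counts as owned.
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in haystack and not owned:
            return brand
    return None

def triage(raw):
    """Combine both signals: authentication passing does not clear the message."""
    msg = message_from_string(raw)
    brand = impersonated_brand(msg)
    return {"dmarc_pass": auth_passed(msg), "impersonates": brand,
            "quarantine": brand is not None}

if __name__ == "__main__":
    print(triage(SAMPLE))
```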

    Massive Phishing Attack Campaign Through 42,000 Imposter Domains 

    A China-based cybercriminal group has been exploiting the popularity and trust of famous international brands with a large-scale phishing campaign since 2019.

    Banking, retail, travel, and energy are among the industries the threat actors have exploited, with 42,000 imposter domains reportedly registered. Victims are tricked into spreading the campaign via WhatsApp with the promise of financial rewards or physical gifts.

    When users click on the malicious link, they’re sent to an imposter site impersonating a famous brand. They’re asked to complete a survey to claim fake rewards or cash prizes and to distribute the message to contacts on WhatsApp.

    The final redirect depends on the IP address of the victim and the browser’s User-Agent string. Coca-Cola, McDonald’s, Knorr, Emirates, and others are among more than 400 organizations imitated by criminal schemers. 

    These campaigns redirect to various fake domains loaded with malware, adware, and ads, making them an efficient and lucrative lead-generation tactic for the hackers.

    New Malware Steals Outlook and Thunderbird Credentials

    ‘StrelaStealer’, a new information-stealing malware, has recently targeted Outlook and Thunderbird—two widely used email clients. The malicious software is unique in that it attempts to steal email credential data, unlike other info-stealers that exfiltrate data from other sources like browsers, clipboards, etc.

    Analysts at DCSO CyTec discovered the new malware in November 2022, targeting Spanish-speaking users.

    The StrelaStealer malware arrives on the victim’s system via email attachments, currently ISO files with varying content.

    The malware spreads via polyglots, files that are valid in two or more formats. Once executed, it renders lure documents and steals mail login data from Outlook and Thunderbird.

    The investigation is ongoing, so whether the malware forms part of a targeted attack remains unknown.

    Chegg Inc. Leaked 40 Million Personal Records

    The Federal Trade Commission announced that it had taken action to ensure Chegg Inc., an American online education technology giant, fixed its data security issues, which have caused four serious data breaches since 2017.

    The FTC stated that Chegg Inc. disclosed millions of customers’ and employees’ private data, such as dates of birth, email addresses, and passwords. On October 31st, the FTC released a press statement indicating that the ed tech company had exposed personally identifiable information (PII) since 2017.

    In 2018, a former Chegg Inc. contractor compromised the personal data of about 40 million customers by accessing the company’s cloud database and selling it on the Dark Web.

    Following the FTC’s complaint and an order on which the Commission voted 4-0, Chegg Inc. has agreed to upgrade its cybersecurity practices and provide multifactor authentication methods to its customers and employees to secure their accounts.

    Chegg Inc. is also obligated to implement a cybersecurity program that encrypts customer data and provides employee training.

    Final Thoughts

    These are just some of the many email security breach news headlines we’ve reported this month. 

    Businesses must stay up-to-date on the latest cybersecurity news and threats to protect their systems from evolving attacks. 

    Companies should also ensure their employees are aware of the risks associated with email and other online activities and implement measures such as domain authentication like DMARC, two-factor authentication, and password management. Without such measures, organizations risk becoming victims of cyberattacks.