Hackers attack company employees, targeting it inbox their. The attackers aim Companies still in use private telephone systems PBX (private branch eXchange) for communication. The hackers they use Phishing techniques that bypass email defenses.
Phishing messages are presented as caller notifications from PBX and present custom subject lines to pass a surface legitimacy check.
Custom subject line
Many companies around the world use it systems PBX for internal communication. The unification with him e-mail customer of the company allows employees to have access in voice messages from their inbox.
The email security company, IronScales, identified nearly 100.000 phishing attempts targeting "hundreds of businesses in all sectors, including real estate, oil and gas, engineering, IT, healthcare, financial services and more."
The attackers created subject lines that include the name of the company or an employee, to make the notice look authentic and reliable.
IronScales says hackers are trying to steal credentials to get them access in various services and elements of the business.
Researchers note that custom subject lines play a role in this successful bypass of protection measures. Phishing messages are passed to the Inbox, as they do not contain a payload that could show his malicious intent.
Η education employees in locating phishing emails she is necessary. However, they are needed adequate defenses that can recognize phishing attempts.