
Phishing Campaign Mimics Email Quarantine Notifications: 32,000 Emails Target 6,358 Customers

Check Point researchers have identified a large-scale phishing campaign that disguises its messages as email quarantine notifications. The campaign, consisting of 32,000 emails, has targeted 6,358 customers across various regions. The attackers’ primary objective is to deceive recipients into entering their login credentials on a fake login page.
Campaign Overview:
The phishing emails were sent from compromised accounts belonging to three different domains. The subject lines were written to appear urgent and legitimate. Examples include:
- “Email Sent to Quarantine – Review Needed”
- “Email Delivery Delayed – Retry Scheduled”
- “Action Needed: Email Review Pending”
Attack Methodology:
Recipients of these emails were urged to review the quarantined message by clicking on a provided link.
This link redirected them to a fake login page designed to harvest their credentials. The attackers’ strategy relied on creating a sense of urgency and leveraging the familiarity of email quarantine notifications to deceive users into taking immediate action.
Geographic Distribution:
The campaign predominantly targeted customers in North America, with 90% of the affected individuals located in Canada and the United States. The remaining 10% of the victims were from Europe and Australia.
Recommendations:
This phishing campaign highlights the importance of vigilance when dealing with email notifications, especially those that request immediate action.
Users are advised to verify the authenticity of such emails by checking the sender’s address and avoiding clicking on links from unknown or suspicious sources.
Organizations should also implement robust email security measures to detect and block phishing attempts before they reach end-users.
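One way to automate the sender and link checks recommended above, as an added example that is not Check Point's code or part of the original report: it flags messages whose subject uses the quoted quarantine wording but whose sender domain or link hosts do not match the organisation's real quarantine system. The allow-listed domain and portal host, the function name and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed for this example (not from the report): the sender domain and portal
# host that the organisation's real quarantine digests use.
QUARANTINE_SENDER_DOMAINS = {"mailsec.example.com"}
QUARANTINE_PORTAL_HOSTS = {"quarantine.example.com"}

# Phrases from the three subject lines quoted in the report.
LURE = re.compile(r"sent to quarantine|delivery delayed|review pending", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def assess(raw: str) -> dict:
    """Flag quarantine-style notices that do not match the real quarantine system."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 subjects
    sender_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = {(urlsplit(u).hostname or "").rstrip(".") for u in URL.findall(text)} - {""}
    reasons = []
    if LURE.search(subject):
        if sender_domain not in QUARANTINE_SENDER_DOMAINS:
            reasons.append(f"unexpected sender domain: {sender_domain}")
        off_portal = sorted(hosts - QUARANTINE_PORTAL_HOSTS)
        if off_portal:
            reasons.append(f"links outside quarantine portal: {', '.join(off_portal)}")
    return {"subject": subject, "suspicious": bool(reasons), "reasons": reasons}

# Constructed sample messages (all names and hosts are placeholders).
PHISH = """From: Accounts <billing@partner.example>
To: user@example.com
Subject: Email Sent to Quarantine - Review Needed

Review the held message: https://mail-review.example.net/login?id=1
"""
GENUINE = """From: Quarantine Digest <digest@mailsec.example.com>
To: user@example.com
Subject: Email Sent to Quarantine - Review Needed

Open your digest: https://quarantine.example.com/digest/42
"""

if __name__ == "__main__":
    for sample in (PHISH, GENUINE):
        print(assess(sample))
```

Because the campaign used compromised accounts, sender authentication results alone may pass for these messages; the check here compares the notice against where genuine quarantine mail is known to come from and link to.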
Further Best Practices:
- Educate employees: Conduct regular training sessions to raise awareness about phishing tactics and how to recognize suspicious emails.
- Implement multi-factor authentication (MFA): Adding an extra layer of security can prevent unauthorized access even if credentials are compromised.
- Use email filtering solutions: Deploy advanced email filtering solutions to detect and block phishing emails before they reach the inbox.
- Regularly update security protocols: Ensure that all security measures are up-to-date and capable of addressing the latest threats.