A recent phishing campaign analyzed by Fortra’s Suspicious Email Analysis team used a unique mix of methods to bypass detection and reach inboxes. The attack, which disguised itself as a DocuSign notification, combined encryption, open-source tools, and trusted links to steal Microsoft 365 credentials. Fortra researcher Israel Cerda explains the approach in Dark Reading.
Originally published in Dark Reading.
Excerpt: “Look at the attachments. It’s kind of weird that an .htm file comes in an email and it contains an encrypted payload. That should raise some alarms.”