{"id":1971,"date":"2021-08-24T11:29:07","date_gmt":"2021-08-24T11:29:07","guid":{"rendered":"https:\/\/blog.kdmarc.com\/blog\/?p=1971"},"modified":"2024-08-23T12:59:29","modified_gmt":"2024-08-23T07:29:29","slug":"phishing-emails-fool-email-filters","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/","title":{"rendered":"Phishing Messages That Even Email Filters Can&#8217;t Stop"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. This vector of <span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/cybercrime\/\"><strong>cybercrime<\/strong> <\/a><\/span>is aimed at obtaining users\u2019 sensitive credentials, defrauding companies of funds, stealing proprietary business data, or distributing predatory programs via rogue emails.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Public_Cloud_Becomes_a_New_Safe_Haven_for_Phishing_Pages\" >Public Cloud Becomes a New Safe Haven for Phishing Pages<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Harmful_ZIP_File_under_Benign_Wrapping\" >Harmful ZIP File under Benign Wrapping<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Foreign_Language_Puts_a_Spanner_in_the_Works\" >Foreign Language Puts a Spanner in the Works<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Messages_Impersonating_Well-Known_Banks\" >Messages Impersonating Well-Known Banks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#HTML_Code_Written_Backwards\" >HTML Code Written Backwards<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#SharePoint_Account_Takeover\" >SharePoint Account Takeover<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#Shore_up_Your_Phishing_Protection\" >Shore up Your Phishing Protection<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">According to <span style=\"color: #0000ff;\"><a style=\"color: #0000ff; text-decoration: underline;\" href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong><span style=\"color: #183994;\">recent findings<\/span><\/strong><\/a><\/span> by security analysts, these attacks account for almost half of all breaches in the enterprise sector. The FBI claims a phishing spin-off called business email compromise (BEC) causes eyebrow-raising losses of roughly $5 billion every year.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">With the scale of phishing scams steadily growing, numerous security vendors provide tools that prevent deceptive emails from reaching customers\u2019 inboxes. Crooks have picked up the challenge by playing a cat-and-mouse game with white hats. Their efforts are mostly focused on finding new ways to bypass email filters.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Public_Cloud_Becomes_a_New_Safe_Haven_for_Phishing_Pages\"><\/span><span style=\"color: #000000;\"><strong>Public Cloud Becomes a New Safe Haven for Phishing Pages<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Threat actors are increasingly mishandling trusted cloud services to hide their treacherous resources and files. In one of these campaigns spotted by Check Point, phishers use Google Drive to host a decoy PDF document that supposedly includes important business data. The intended victims receive a message stating that they need to enter their Office 365 credentials to view the shared file.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Typing the username and password actually provides access to a legitimate marketing report by a reputable consulting firm, but with the caveat that criminals retrieve the victim\u2019s Office 365 sign-in details. This information may be used to orchestrate BEC hoaxes, corporate data theft, <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/applehelpwriter.com\/yahoo-search-redirect-mac-virus-removal\/\" target=\"_blank\" rel=\"noopener\">and malware outbreaks<\/a>.<\/strong><\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">The campaign under scrutiny fits the context of statistics saying that Microsoft Office is the most heavily exploited entity across the spectrum of applications \u2013 it ends up in the crosshairs of cybercriminals <span style=\"color: #0000ff;\"><span style=\"color: #183994;\"><strong><u><a style=\"color: #183994;\" href=\"https:\/\/www.statista.com\/chart\/20431\/most-commonly-exploited-applications-worldwide\/\" target=\"_blank\" rel=\"noopener\">in 72.8% of cases<\/a><\/u><\/strong><\/span>.<\/span><\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Harmful_ZIP_File_under_Benign_Wrapping\"><\/span><span style=\"color: #000000;\"><strong>Harmful ZIP File under Benign Wrapping<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Another clever technique is to cloak a dangerous payload inside an unconventional archive attached to an email. Here is some theory: a regular ZIP file has one \u201cEnd of Central Directory\u201d (EOCD) value that marks the final element of its composition. To conceal an extra archive tree, malefactors use an additional obfuscated EOCD parameter.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Secure Email Gateways (SEGs) only see and analyze the normal ZIP hierarchy while overlooking its evil counterpart. When extracted, the file quietly triggers an info-stealing Trojan on the unwitting recipient\u2019s computer.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Foreign_Language_Puts_a_Spanner_in_the_Works\"><\/span><span style=\"color: #000000;\"><strong>Foreign Language Puts a Spanner in the Works<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">One more trick is to fool email filters by inserting text in a foreign language. It can be effective because some protection tools check messages for manipulative content in English or the language corresponding to the recipient\u2019s locale. Some malicious actors tailor phishing messages in Russian and include a recommendation to use the Google Translate service. With this tactic, emails may arrive in one\u2019s inbox without being flagged as dangerous.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Messages_Impersonating_Well-Known_Banks\"><\/span><span style=\"color: #000000;\"><strong>Messages Impersonating Well-Known Banks<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Mimicking financial institutions to hoodwink users is nothing new, but a recent phishing wave took it up a notch. Scammers have been sending emails that pretend to come from the Bank of America or Citigroup and include a link redirecting to a clone of the bank\u2019s official site, which is a credential phishing page in disguise. It seems like a garden-variety trick, but the messages easily get around filters, and here is why.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">First off, the crooks only zero in on several employees in an organization. Traditional anti-phishing tools typically identify suspicious messages that come in large quantities, and therefore a few emails might fly under the radar.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Furthermore, the messages hail from a personal email account and don\u2019t spoof the source domain. Consequently, popular defenses such as the Sender Policy Framework (<a href=\"https:\/\/threatcop.com\/blog\/spf-authentication\/\"><span style=\"color: #183994;\"><strong>SPF<\/strong><\/span><\/a>) and Domain-based Message Authentication, Reporting and Conformance (<span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/what-is-dmarc\/\" target=\"_blank\" rel=\"noopener noreferrer\">DMARC<\/a><\/strong><\/span>) fail to detect them. The credential phishing page uses a valid SSL certificate and its registration date is recent, so it doesn\u2019t raise any red flags either.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"HTML_Code_Written_Backwards\"><\/span><span style=\"color: #000000;\"><strong>HTML Code Written Backwards<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">A fairly complex method in some phishers\u2019 repertoire is to reverse HTML code strings and then change the text direction back to normal so that the recipient can read it. The catch is that these materials appear in a skewed shape when email filters are inspecting them, so the message can sneak inside. The use of Cascading Style Sheets (CSS) to combine Latin and Arabic text in raw HTML code further enhances the trickery because the natural directions of these scripts are opposite.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"SharePoint_Account_Takeover\"><\/span><span style=\"color: #000000;\"><strong>SharePoint Account Takeover<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">In some cases, crooks leverage previously hacked SharePoint accounts to host their credential phishing pages. Since security services trust this collaborative system from Microsoft, there is a good chance that an email with a SharePoint link in it will go unnoticed. The landing site is redesigned to display a fraudulent OneDrive for Business sign-in form. Once a user enters their password, it falls into criminals\u2019 hands.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shore_up_Your_Phishing_Protection\"><\/span><span style=\"color: #000000;\"><strong>Shore up Your Phishing Protection<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">There is no denying that automatic defenses with email filters at their core are incredibly effective in fending off phishing attacks. However, the tricks above demonstrate that this strategy alone is not enough. With that in mind, you should additionally nurture your <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/security-awareness-training-for-employees\/\" target=\"_blank\" rel=\"noopener noreferrer\">security awareness<\/a><\/strong><\/span> by sticking to the following tips:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\">Don\u2019t click links in emails no matter how enticing they seem.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Never open attachments sent by someone you don\u2019t know.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">When you are about to enter your credentials on a login page, make sure it\u2019s HTTPS rather than HTTP.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Even if an email appears to come from a trusted individual or organization, check it for typos and other inaccuracies.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Steer clear of messages that specify a deadline for some action or otherwise put pressure on you.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Be skeptical about wire transfer requests from co-workers. Verify them with the purported initiator in person before sending out the money.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Avoid oversharing personally identifiable data (PID) on publicly available resources such as social networks.<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\">Turn on a firewall and use reputable Internet security software that comes with an anti-phishing module.<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">In summary, phishing attacks are fueled by a combination of human slip-ups and imperfections of mainstream protection tools. Stepping up your online hygiene is half the battle when it comes to avoiding these hoaxes, and email filters should take care of the rest.<\/span><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><div class=\"wp-block-image\">\n<figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"200\" height=\"300\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/me-5-200x300-1.jpeg\" alt=\"David Balaban\" class=\"wp-image-10624\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"has-text-align-left wp-block-paragraph\"><strong><span style=\"color: #808080;\">David Balaban is a computer security researcher with over 17 years of&nbsp;experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on&nbsp;contemporary information security matters, including social engineering,&nbsp;malware, penetration testing, threat intelligence, online privacy, and white hat&nbsp;hacking. David has a strong malware troubleshooting background, with a recent&nbsp;focus on ransomware countermeasures.<\/span><\/strong><\/p>\n\n\n\n<p class=\"has-text-align-right wp-block-paragraph\"><strong><span style=\"color: #808080;\"><span style=\"color: #000000;\">Written By:<\/span> <span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/twitter.com\/DavidBalaban1\" target=\"_blank\" rel=\"noopener\">David Balaban<\/a><\/span><br><\/span><\/strong><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. This vector of cybercrime is aimed at obtaining users\u2019 sensitive credentials, defrauding companies of funds, stealing proprietary business data, or distributing predatory programs via rogue emails. According to recent findings by security analysts, these attacks [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6984,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,43],"tags":[],"class_list":["post-1971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-security","category-social-engineering"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Email Filters Are Helpless On These Phishing Messages<\/title>\n<meta name=\"description\" content=\"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Email Filters Are Helpless On These Phishing Messages\" \/>\n<meta property=\"og:description\" content=\"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-24T11:29:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-23T07:29:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Dip Jung Thapa\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dip Jung Thapa\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/\"},\"author\":{\"name\":\"Dip Jung Thapa\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/75585994ee4cb3e8b24fe7375dc85ee8\"},\"headline\":\"Phishing Messages That Even Email Filters Can&#8217;t Stop\",\"datePublished\":\"2021-08-24T11:29:07+00:00\",\"dateModified\":\"2024-08-23T07:29:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/\"},\"wordCount\":1096,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Email-Filters-are-Helpless.webp\",\"articleSection\":[\"Email Security\",\"Social Engineering\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/\",\"name\":\"Email Filters Are Helpless On These Phishing Messages\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Email-Filters-are-Helpless.webp\",\"datePublished\":\"2021-08-24T11:29:07+00:00\",\"dateModified\":\"2024-08-23T07:29:29+00:00\",\"description\":\"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Email-Filters-are-Helpless.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Email-Filters-are-Helpless.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Phishing Emails Passing Through Email Filters\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/phishing-emails-fool-email-filters\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing Messages That Even Email Filters Can&#8217;t Stop\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/75585994ee4cb3e8b24fe7375dc85ee8\",\"name\":\"Dip Jung Thapa\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_5_1698662450.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_5_1698662450.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_5_1698662450.jpeg\",\"caption\":\"Dip Jung Thapa\"},\"description\":\"Co-Founder &amp; COO at Threatcop\u00a0 Department: Operations and Marketing Dip Jung Thapa, Chief Operating Officer (COO) of Threatcop, a leading cybersecurity company dedicated to enhancing people security management for businesses. With a profound understanding of cybersecurity issues, Dip plays a pivotal role in driving Threatcop's mission to safeguard people's digital lives.\u00a0\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Email Filters Are Helpless On These Phishing Messages","description":"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/","og_locale":"en_US","og_type":"article","og_title":"Email Filters Are Helpless On These Phishing Messages","og_description":"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...","og_url":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2021-08-24T11:29:07+00:00","article_modified_time":"2024-08-23T07:29:29+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp","type":"image\/webp"}],"author":"Dip Jung Thapa","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Dip Jung Thapa","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/"},"author":{"name":"Dip Jung Thapa","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/75585994ee4cb3e8b24fe7375dc85ee8"},"headline":"Phishing Messages That Even Email Filters Can&#8217;t Stop","datePublished":"2021-08-24T11:29:07+00:00","dateModified":"2024-08-23T07:29:29+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/"},"wordCount":1096,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp","articleSection":["Email Security","Social Engineering"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/","url":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/","name":"Email Filters Are Helpless On These Phishing Messages","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp","datePublished":"2021-08-24T11:29:07+00:00","dateModified":"2024-08-23T07:29:29+00:00","description":"When it comes to the prevalence and financial footprint, phishing is one of the top threats to individuals and organizations. Even the best email filters...","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/08\/Email-Filters-are-Helpless.webp","width":1250,"height":1200,"caption":"Phishing Emails Passing Through Email Filters"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/phishing-emails-fool-email-filters\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing Messages That Even Email Filters Can&#8217;t Stop"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/75585994ee4cb3e8b24fe7375dc85ee8","name":"Dip Jung Thapa","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_5_1698662450.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_5_1698662450.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_5_1698662450.jpeg","caption":"Dip Jung Thapa"},"description":"Co-Founder &amp; COO at Threatcop\u00a0 Department: Operations and Marketing Dip Jung Thapa, Chief Operating Officer (COO) of Threatcop, a leading cybersecurity company dedicated to enhancing people security management for businesses. With a profound understanding of cybersecurity issues, Dip plays a pivotal role in driving Threatcop's mission to safeguard people's digital lives.\u00a0"}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=1971"}],"version-history":[{"count":9,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1971\/revisions"}],"predecessor-version":[{"id":11859,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1971\/revisions\/11859"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/6984"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=1971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=1971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=1971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}