Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

A targeted spearphishing campaign has hit an organization in the energy sector – after using a savvy trick to get around the company’s Microsoft email security stack.

According to Aaron Riley, a researcher from Cofense, the campaign impersonated the CEO of the targeted company, sending email via Google Drive purporting to be “sharing an important message” with the recipients.

The email was legitimately sent by Google Drive to employees, but it had one big “tell”: the email address didn’t fit the email naming convention of the targeted company. Most employees wouldn’t take the time to check that, Riley pointed out.

Source: ThreatPost