Menlo Security’s researchers recently uncovered a spear phishing attack at a popular enterprise that went undetected by existing security solutions.

Anatomy of a Spear Phishing Attack

A close examination of this spear phishing event revealed the following details. The attackers:

  • Performed various checks on the password entered by the victim and their IP address to determine a true compromise vs. somebody who had figured out the attack.
  • Supported various email providers, determined by custom pages served based on the email domain. For example, a victim whose email address was [email protected] would be served a page that looked like a Gmail login page.
  • Exfiltrated victim’s personally identifiable information (PII) to an attacker-controlled account.

Download the report now to get the full story.

MS Spear Phishing Report.jpg