{"id":2716,"date":"2021-06-30T15:50:28","date_gmt":"2021-06-30T13:50:28","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2716"},"modified":"2026-06-08T23:15:42","modified_gmt":"2026-06-08T23:15:42","slug":"new-phishing-techniques-identification","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/new-phishing-techniques-identification\/","title":{"rendered":"New Phishing techniques and how to identify them"},"content":{"rendered":"\n<p style=\"text-align: justify\"><strong>Phishing<\/strong> remains one of the primary attack vectors (if not the primary vector) for the compromise of user accounts and enterprise systems (spearphishing and malicious attachments).<\/p>\n\n\n\n<p style=\"text-align: justify\">As often occurs, the evolution of defensive systems drives a concurrent evolution of techniques employed by threat actors to circumvent defensive technologies.<\/p>\n\n\n\n<p style=\"text-align: justify\">Recently, to evade effective anti-spam controls, threat actors have begun embedding phishing pages directly within email messages.<\/p>\n<p style=\"text-align: justify\">Traditionally, <strong>BEC<\/strong> (<strong>Business Email Compromise<\/strong>) attacks leverage <em>keylogger<\/em>-type <em>malware<\/em> to steal target account credentials. However, the use of malicious file attachments represents an approach readily detectable by protective technologies.<\/p>\n<p style=\"text-align: justify\">Consequently, we observe an increasing trend toward the use of <strong>HTML<\/strong>-formatted file attachments.<\/p>\n<p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/06\/BEC-1.png\" alt=\"\" class=\"wp-image-2721\" loading=\"lazy\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">A <em>signature-less<\/em> approach<\/h2>\n\n\n\n<p style=\"text-align: justify\">Anti-spam solutions employ signature-based criteria for the identification of emails leveraging this class of attacks.<\/p>\n\n\n\n<p style=\"text-align: justify\">The problem can be addressed through anomaly detection and process analysis associated with the opening of suspicious files. Detection mechanisms must focus on behavioral indicators rather than file signatures alone. Our <a href=\"https:\/\/fortgale.com\/en\/cybersecurity-advisory\/\">Cybersecurity Advisory<\/a> processes identify process chain anomalies that deviate from baseline user activity patterns.<\/p>\n<p style=\"text-align: justify\">An example:<\/p>\n\n\n\n<table style=\"border-collapse: collapse;width: 100%;height: 100px\">\n<tbody>\n<tr style=\"height: 25px;background-color: #1f3864\">\n<td style=\"width: 50%;height: 25px;text-align: center\"><span style=\"color: #ffffff\"><strong>Parameters<\/strong><\/span><\/td>\n<td style=\"width: 50%;height: 25px;text-align: center\"><span style=\"color: #ffffff\"><strong>Values<\/strong><\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px\">\n<td style=\"width: 50%;height: 25px\"><strong>Parent Process<\/strong><\/td>\n<td style=\"width: 50%;height: 25px\">Outlook.exe (and similar)<\/td>\n<\/tr>\n<tr style=\"height: 25px\">\n<td style=\"width: 50%;height: 25px\"><strong>Process Name<\/strong><\/td>\n<td style=\"width: 50%;height: 25px\">Chrome.exe (and similar)<\/td>\n<\/tr>\n<tr style=\"height: 25px\">\n<td style=\"width: 50%;height: 25px\"><strong>Command Line<\/strong><\/td>\n<td style=\"width: 50%;height: 25px\">*.htm (and similar)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Emerging phishing techniques 2021: HTML smuggling, browser-in-the-browser tricks, MFA-fatigue prompts and the detection signals defenders can rely on.<\/p>\n","protected":false},"author":1,"featured_media":2721,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[52,3340,60,122,172,209,3341,3339,350,358,3179],"class_list":["post-2716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-bec","tag-browser-in-the-browser","tag-business","tag-e-mail","tag-html","tag-mail","tag-mfa-fatigue","tag-phishing-techniques","tag-threat","tag-threats","tag-user-awareness"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2716"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2716\/revisions"}],"predecessor-version":[{"id":9921,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2716\/revisions\/9921"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=2716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}