Phishing Attacks from Spoofed Domains

By:  |  Category: Blog, Security Thursday, April 13th, 2017  |  No Comments
Phishing Attacks

Earlier this week, Proofpoint raised the red flag on a critical 0-day threat they are calling “CVE-2017-0199,” located in Microsoft Word that allows booby-trapped Dridex phishing attacks to be sent to millions of your employees claiming to be a PDF sent to them by their company scanner.

This attack is extremely malicious because it bypasses exploit mitigations built into Windows, doesn’t require your employee to enable macros, works against Windows 10 (the most secure OS yet) and will corrupt most or all Windows versions of Word.

Spoofed Email Domains Are Easy to Miss

Proofpoint’s technical analysis said:

“Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from “”. [device] may be “copier”, “documents”, “noreply”, “no-reply”, or “scanner”. The subject line in all cases read “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits. Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing

What to Do About It:

  1. Patch and Update to Avoid Phishing Attacks

On Tuesday Microsoft released its regular batch of security patches – including a fix for this nasty Office zero-day vulnerability CVE-2017-0199. Turns out that this wasn’t the only thing needed patching. An elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210) that would allow an attacker to convince a user to visit a compromised website was also fixed.

  1. No Update?

Here is a quick fix to prevent this exploit from working by adding the following to your Windows registry: Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles to 2 and OpenInProtectedView to 0.

  1. Can Your Domain Be Spoofed?

Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain? Now they can launch a spear phishing attack on your organization.

Let EnhancedTECH help protect your network. We can determine your company’s vulnerability rusk and do a risk assessment. Call us for a complimentary IT Security consultation. 714-970-9330


Source Image:

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football.Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.
Samantha Keller
Leave a Comment
Read previous post:
chat assist
Chat Assist-Now Offered by EnhancedTECH

EnhancedTECH is excited to introduce Chat Assist—a valuable tool to provide our customers with better support—now faster.  Chat Assist will...