Attack Spotlight
November 20, 2024
Sublime Security Attack Spotlight: Credential phishing attack hidden within an EML attachment.
Sublime’s Attack Spotlight series is designed to keep you informed of the email threat landscape by showing you real, in-the-wild attack samples, describing adversary tactics and techniques, and explaining how they’re detected. These attacks can be prevented with a free Sublime account.
EMAIL PROVIDER: Microsoft 365
ATTACK TYPE: Credential Phishing
EML attachments are ubiquitous, often containing longer threads or information related to the parent email. Some email clients, including Outlook, will automatically render EML attachments within the parent email without user interaction, which makes an EML attachment an attractive evasion technique. In this attack, an attached EML file is used to hide a malicious link from detection. Attack characteristics:
Sublime's AI-powered detection engine prevented this attack. The top signals in these attacks are:
See the full MQL that detected these attacks in these publicly available Rules in the Core Feed: EML attachment with credential theft language (unknown sender) and EML with suspicious indicators.
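Why the attached message has to be parsed on its own, shown as an added example (this is not Sublime's MQL or detection code): a Python routine that collects links per nesting depth, so a link that exists only inside an attached EML becomes visible to a scanner. The sample message, addresses and URL are constructed, and `build_sample` and `urls_by_depth` are hypothetical names.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def build_sample() -> bytes:
    """Constructed sample: link-free parent email carrying an EML with a link."""
    inner = EmailMessage()
    inner["From"] = "it-support@sender.example"
    inner["Subject"] = "Password expiry notice"
    inner.set_content("Sign in to keep access: https://login.constructed.example/reset")
    outer = EmailMessage()
    outer["From"] = "unknown@sender.example"
    outer["Subject"] = "FW: see attached"
    outer.set_content("Please review the attached message.")
    outer.add_attachment(inner, filename="notice.eml")  # stored as message/rfc822
    return outer.as_bytes()

def urls_by_depth(msg, depth=0, found=None):
    """Map nesting depth -> URLs. Depth 0 is the parent, 1+ are attached EMLs."""
    found = {} if found is None else found
    for part in (msg.iter_parts() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "message/rfc822":
            # Attached message: descend into it as a message of its own.
            urls_by_depth(part.get_content(), depth + 1, found)
        elif part.is_multipart():
            urls_by_depth(part, depth, found)
        elif (part.get_filename() or "").lower().endswith(".eml"):
            # Edge case: EML sent as a generic binary attachment; parse its bytes.
            nested = message_from_bytes(part.get_payload(decode=True),
                                        policy=policy.default)
            urls_by_depth(nested, depth + 1, found)
        elif part.get_content_maintype() == "text":
            found.setdefault(depth, []).extend(URL_RE.findall(part.get_content()))
    return found

if __name__ == "__main__":
    parsed = message_from_bytes(build_sample(), policy=policy.default)
    for depth, urls in sorted(urls_by_depth(parsed).items()):
        print(f"depth {depth}: {urls}")
```

On the constructed sample the parent (depth 0) yields no links, while the attached EML (depth 1) yields the sign-in URL.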
Sublime detects and prevents credential phishing and other email-based threats – for free. Start your free account today (managed or self-managed) for out-of-the-box coverage for these types of attacks with the ability to customize their handling for your environment.