![]() ![]() Information that we need to know about Combining Grapheme Joinerĭespite of its name Combining Grapheme Joiner, commonly also known as CGJ, it serves the purpose of separating characters that aren’t believed to be digraphs. You can check this exchanging of similar character more in this article : Malspam email that uses homograph This type of attack is basically the same as a Homograph Attack but instead of exchanging a similar character, it adds non visible character. Because of this unicode injection, cybercriminal found a way to evade string base detection without compromising the message view structure. Email viewer applications can’t display this character as it has no visible glyph. “ Combining Grapheme Joiner (CGJ)” was also used as a new approach by cybercriminal. Social engineering was also used in the email Subject field like “password expiration” to lure their victims since it creates a sense of urgency by stating the date on when the password expires. Moreover, the address name in the From field is not the reliable name used by Microsoft. Upon checking the Received field’s IP address of “104.200.73.21”, we discovered that the following header information has no connection to Microsoft. ![]() It will provide us detailed information about the email sender as well as the technical details that we need to know. Phishing emails can also be recognized on its header field for this will serve as our initial indicator if this email has been forged. ![]() Let’s begin by discussing the email header. Let’s dig into this phishing email more closely to understand how cybercriminal used it. This method has been found being utilized in multiple Office 365 phishing emails we encountered to evade anti-spam technologies. ![]() A new approach of phishing email campaigns has been recently observed that uses Combining Grapheme Joiner. These cybercriminal employ different tactics to obtain their victim’s personal data. Microsoft Office 365 has always been a target of phishing attacks used by cyber criminals to lure users into disclosing personal information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |