article featured image


In a credential phishing attack intended to steal users’ Microsoft Office 365 and Google email passwords, hackers posed as the American business security company Proofpoint.

Armorblox cybersecurity researchers revealed that they discovered one such operation aimed at an unidentified international communications company, with virtually a thousand employees targeted solely within that organization.

The email claimed to contain a secure file sent via Proofpoint as a link. Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google.


The Operation

A file apparently related to mortgage payments was the email’s bait. The subject line, “Re: Payoff Request,” was designed to trick victims into believing it was part of an ongoing conversation, adding credibility to the operations while also making it seem urgent enough and convincing them to click it.


The moment targets opened the “secure” email link contained in the message, they were directed to an introductory page with the Proofpoint logo and login spoofs.

The analysts added:

Clicking on the Google and Office 365 buttons led to dedicated spoofed login flows for Google and Microsoft respectively. Both flows asked for the victim’s email address and password.


According to them, the email was sent through a hacked email account. The sender’s parent domain was “sdis34[.]fr,” which is a department of fire rescue in Southern France.

As explained, sending phishing emails from valid (but hacked) email accounts makes it easier to avoid binary detection control mechanisms such as filters or blocklists.

The phishing pages were hosted on the parent domain of a property firm.


Used Techniques

This email attack employed several techniques to circumvent traditional email security filters and pass the eye tests of unknowing users, including social engineering, brand impersonation, replicating existing workflows, and the use of compromised email addresses.

Proofpoint Guidance and Recommendations

Enhance native email security with additional controls.

Be on the lookout for social engineering indications.

Follow Multifactor authentication and password management best practices.

  • Use multi-factor authentication (MFA) on both work and personal accounts.
  • Avoid using the same password on multiple websites/accounts.
  • Use password management software to save your account passwords.
  • Avoid using passwords that contain public personal information such as (date of birth, anniversary date, etc.).
  • Don’t use simple passwords such as ‘123456’, ‘
    password123’, etc.

How Can Heimdal™ Help You?

HeimdalTM Security has developed two email security software aimed against both simple and sophisticated email threats (Heimdal™ Email Security, which detects and blocks malware, spam emails, malicious URLs, and phishing attacks and Heimdal™ Email Fraud Preventiona revolutionary email protection system against employee impersonation, fraud attempts – and BEC, in general.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo