Jump to content


Increased Phising attempts using .msg .eml attachments


This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1 Jon Whattam (admin)

Jon Whattam (admin)
  • Members
  • 1 posts

Posted 06 May 2020 - 03:23 AM

Hi, we have seen an increase in the number of Phishing related emails landing in Inboxes, being bypassed by the gateway and Sentinel. In all cases, the emails are coming through as a basic email with either a .eml or .msg attachment. This attachment then contains a further attachment (sometimes looking like a PDF/Invoice etc) 


Clicking this takes to a Phishing web page (link protection also ignores it)


Content of the attachment is showing signs of a typical "Phish" eg - 


"Good Day, Please find the attached payment slip for wire transfer remitted to your bank account.

Attached also the corresponding invoices.

My colleague is out of office on emergency leave and I am incharge of sales and payment now.
Please inform all when you receive payment. Also advise on shipment schedule for our previous order.



in a couple of cases, our Endpoint protection has picked up/blocked any forward clicks, but Barracuda is allowing them through


I've considered looking at managing .eml and .msg attachments via the content policies but have read that it can disrupt a LOT of genuine mail due to the methods other providers transmit mail


I'd be grateful if anyone has had any similar experiences and/or had success in blocking?


Thank you

#2 Michael Manning

Michael Manning
  • Members
  • 270 posts

Posted 08 May 2020 - 09:01 AM

we are also seeing this as well attachment with older Microsoft files extension such as .xls and .doc which I would expect should be blocked based on my config. Yet they are slipping through