> If you suspect you might have received an email from Anthony Blinken, I suggest checking the DKIM signature.
Definitely. But I think that the actual attack would rather be that you receive an e-mail (seemingly) from your bank asking to log in on some (phishing) portal, or from your ISP or whatever else urging you to install a (malware) software update...
More good reasons to not click on links in emails. Use out of band methods instead (for example, if you think an email is from your bank, log on to their website separately, not through an email link, and check that way).
I know everyone at my last company had to do compliance training with Kevin Mitnick for hours; not that I minded, RIP. Fingers crossed my large company isn’t the outlier and people pay attention to the training. Still, this vulnerability is bad news. A well targeted attack that doesn’t trip any training red flags (links, attachments, etc.) for the victim is still a very real security threat, right?
> A well targeted attack that doesn’t trip any training red flags (links, attachments, etc.) for the victim
As I understand it, the victim still has to click on a link in an email for the attack to work. The attack makes the email look like it comes from a legitimate source (like the victim's own company), but it still requires the victim to take an action; it's not completely passive.
Yes indeed. And that's the whole purpose of the domain impersonation -- the mail should look legit to the potential victim, so they follow up with the requested action (like signing up with their password on a phishing login page).