Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email – one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion.
At least, the threat actor is sending the phishing attack from “thefullgospelbaptist[.]com”: a domain that might be a deprecated or old version of a legitimate Baptist domain, fullgospelbaptist[.]org, which is a religious organization established in 1994.
In a Tuesday post, researchers said that, to date, the fake-Zix encrypted email has targeted close to 75,000 inboxes and has slipped past embedded spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and others.
