This phishing campaign demonstrates the lengths attackers will go to in order to bypass filtering. Due to the attacker’s operational security, this campaign’s effectiveness is unknown, but the important point is that outlier techniques may continue to pop up. The amount of work that the operators have to put in is more significant than the work of creating detections. Enabling the display of file extensions in Windows will help prevent this phish from getting through, as it utilized a double file extension (._xsl_x.hTML). Continuous user education, with examples of threats users may see, can also contribute to a safer and trusted environment where users feel comfortable reporting threats. Making sure that the proper logs from Exchange and Office365 are being shipped to a SIEM and analyzed for suspicious patterns will also help during an incident, should a user submit sensitive information to a phish.
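One way to flag the double-extension pattern described above in mail gateway or SIEM attachment logs, as an added example that is not from the original post. The extension lists, reason labels and sample filenames are constructed assumptions, and the letter-sorting normalization is a heuristic chosen here, not a documented detection rule.

```python
import re

# Final extensions that open active content on double-click (assumed list).
ACTIVE_EXT = {"html", "htm", "hta", "js", "vbs", "exe", "scr", "iso"}
# Document extensions commonly used as a decoy (assumed list).
DECOY_EXT = {"xlsx", "xls", "docx", "doc", "pdf", "pptx", "txt", "csv"}
DECOY_KEYS = {"".join(sorted(ext)) for ext in DECOY_EXT}


def _decoy_key(token):
    """Lowercase, drop separators such as '_' or '-', then sort the letters so a
    padded or transposed look-alike ('_xsl_x') gets the same key as 'xlsx'."""
    return "".join(sorted(re.sub(r"[^a-z0-9]", "", token.lower())))


def check_attachment(name):
    """Return the reasons a filename looks like a double-extension lure ([] if none)."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = name.strip().rstrip(". ").split(".")
    if len(parts) < 3:
        return []  # zero or one extension: nothing to compare
    decoy, final = parts[-2], parts[-1]
    if final.lower() not in ACTIVE_EXT or _decoy_key(decoy) not in DECOY_KEYS:
        return []
    reasons = ["decoy-extension"]
    if decoy.lower() not in DECOY_EXT:
        reasons.append("obfuscated-decoy")  # matched only after normalization
    if final not in (final.lower(), final.upper()):
        reasons.append("mixed-case-extension")  # e.g. 'hTML'
    return reasons


if __name__ == "__main__":
    # Constructed sample filenames, not taken from real mail logs.
    samples = [
        "Invoice_4471._xsl_x.hTML",
        "report.xlsx.html",
        "jquery.min.js",
        "summary.pdf",
    ]
    for sample in samples:
        print(f"{sample!r}: {check_attachment(sample) or 'ok'}")
```

Sorting the letters also matches unrelated tokens that happen to be anagrams of a decoy extension, so treat a hit as a triage signal rather than a block decision.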