Phishing, which in short involves deceiving victims into handing over sensitive information, is one of the most common forms of cybercrime, and the methods are becoming increasingly sophisticated. Microsoft is now warning about a new phishing campaign.
It involves so-called open redirect links, which are sent to victims via e-mail.
Misuse of legitimate service
Open redirect links are often used by legitimate organizations for various selling and marketing purposes. For example, a hotel might use the feature to send an email recipient to a third-party reservation page, while the link uses the hotel’s own domain.
Microsoft is now seeing the feature being used for other purposes.
Malicious parties can configure these links in such a way that they appear to send the user to a legitimate page, but in reality the person is redirected to a malicious website that is used to steal information from the user.
What makes these links easy to fall for is that the URL shown when you hover over the link without clicking, as many people do out of habit, appears to belong to a legitimate domain. However, the full address contains easily overlooked parameters that take the user to the malicious website.
– When recipients hover over the link or button in the email, the full URL is displayed. However, since the actors set up the redirect links using a legitimate service, the user sees a legitimate domain name that may be associated with a company they know and trust. We believe attackers are abusing this open and reputable platform to avoid detection while sending potential victims to phishing sites, Microsoft wrote.
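As an added illustration (not code from the article or from Microsoft), here is a Python check a mail gateway or analyst could run over links: it parses each URL, looks for an absolute URL embedded in the query parameters, and flags the link when that embedded destination's host differs from the visible host. The domain names and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs, unquote


def extract_redirect_targets(url: str) -> list[str]:
    """Return absolute URLs found in the query parameters of `url`.

    Open-redirect links carry the real destination in a parameter such as
    url=, redirect= or next= while the visible host stays legitimate.
    parse_qs decodes percent-encoding once; unquote() is applied again so a
    double-encoded value like https%253A%252F%252F... is caught as well.
    """
    query = urlsplit(url).query
    targets = []
    for values in parse_qs(query, keep_blank_values=True).values():
        for value in values:
            decoded = unquote(value).strip()
            # Protocol-relative "//host/path" is accepted by browsers too
            if decoded.lower().startswith(("http://", "https://", "//")):
                targets.append(decoded)
    return targets


def is_suspicious_redirect(url: str) -> bool:
    """True if a query parameter points at a host other than the visible one.

    A target on the visible host or one of its subdomains is not flagged, since
    legitimate sites redirect within their own domain (the hotel example above).
    """
    visible_host = (urlsplit(url).hostname or "").lower()
    for target in extract_redirect_targets(url):
        # urlsplit treats a leading "//" as the netloc, so this covers both forms
        target_host = (urlsplit(target).hostname or "").lower()
        if not target_host or target_host == visible_host:
            continue
        if target_host.endswith("." + visible_host):
            continue
        return True
    return False


def scan_links(urls: list[str]) -> list[str]:
    """Return the subset of `urls` that should be held for review."""
    return [u for u in urls if is_suspicious_redirect(u)]


if __name__ == "__main__":
    # Constructed sample links; trusted.example stands in for a reputable service
    sample = [
        "https://trusted.example/redirect?url=https://evil.example/o365/login",
        "https://trusted.example/redirect?url=https://booking.trusted.example/stay",
        "https://trusted.example/docs/page?id=42",
    ]
    for flagged in scan_links(sample):
        print("HOLD:", flagged)
```

The check deliberately inspects every parameter rather than a fixed list of parameter names, because the name of the redirect parameter varies from service to service.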
According to the company, this technique is combined with convincing bait that mimics well-known productivity tools and services, such as Office products, to trick users into clicking the link.
In many cases, clicking the link leads to a page where the user must solve a CAPTCHA, a test in which you type a series of letters and digits. This adds to the impression of legitimacy, and Microsoft also believes the CAPTCHA is used to evade content scanning, so that analysis tools never reach the phishing page itself.
After the CAPTCHA, the user is shown a page that imitates legitimate services such as Microsoft Office 365 and asks for the password, with the user's e-mail address already filled in to increase credibility. Once the password has been entered, the user is redirected to other legitimate websites, further disguising the phishing campaign.
More details about the campaign can be found on the Microsoft Security Blog.