Cybercriminals have found a devious new way to trick you with phishing scams
Be on the lookout for malformed URL prefixes
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybercriminals are constantly changing their tactics in order for their attacks to avoid detection and security researchers fromGreatHornhave discovered a newphishingcampaign capable of bypassing traditional URL defenses.
While many phishing scams involve changing the letters of a popular site’s URL in order to trick users into navigating to fake landing pages, this new campaign changes the symbols used in the prefix that goes before the URL.
The URLs used in the campaign are malformed and don’t utilize normalURL protocolssuch as http:// or https://. Instead, they use http:/\ in their URL prefix. As a colon and two forward slashes have always been used in the standard URL format, mostbrowsersautomatically ignore this factor.
As a result, the cybercriminals behind this new campaign are able to ensure that their phishing pages are able to get around manyemail scannersand reach their intended targets.
Malformed prefix attacks
According to a newblog postfrom the GreatHorn Threat Intelligence Team, these malformed prefix attacks first emerged in October of last year and gained momentum through the end of the year. In fact, between the first week of January and early February, the volume of email phishing attacks utilizing malformed URL prefixes increased by a whopping 5,933 percent.
While these phishing attempts have been identified at organizations across a variety of industries, organizations in the pharmaceutical, lending, construction and cable verticals are being targeted at a higher rate than others. Additionally, organizations runningOffice 365were the targets of these attacks at a much higher rate than those runningGoogle Workspaceas their cloud email environment.
In one such attack identified by GreatHorn, the phishing email led to a fake landing page that was nearly identical to aMicrosoft Officelogin page. If an unsuspecting user tried to login on this page, they would be providing the attackers with their credentials which would give them access to their email contact lists and other sensitive data found in theircloud storage.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent falling victim to a malformed prefix attack, GreatHorn recommends that organizations provide their employees with training on how to spot a suspicious URL prefix. At the same time though, security teams should search their organization’s email for any messages containing URLs that match this threat pattern and remove them.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace
