Microsoft warns of elaborate new cybercrime scheme to steal your login details

Attackers even throw a Captcha challenge to lend an air of legitimacy


Cybersecurity researchers at Microsoft have shared details of a comprehensive credential phishing campaign that uses open redirector links to lure users into clicking.

Legitimate sales and marketing campaigns often rely on open redirects to track click rates and lead customers to a particular landing page.

“However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent,” warn the researchers.

While the abuse of open redirects isn’t a novel approach, the attackers in the current campaign combine these links with social engineering, impersonating popular tools and services to trick users into clicking the fake links.

Hook, line, and sinker

Unraveling the details of the campaign, the researchers say that the links trigger not one but several redirects, and even serve a Captcha verification page, in a bid to convince users that the page is above-board.

Once the users answer the Captcha, the attackers take them to the fake sign-in page of a legitimate service.

The researchers suggest that phishing attacks make use of open redirects because a casual inspection of the URL from inside an email client will display a trustworthy domain name, encouraging users to click the link.

“Likewise, traditional email gateway solutions may inadvertently allow emails from this campaign to pass through because their settings have been trained to recognize the primary URL without necessarily checking the malicious parameters hiding in plain sight,” reason the researchers.
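The two quotes above describe the gap a gateway leaves when it judges a link by its visible host alone. The following Python snippet is an added example, not code from Microsoft's report or from this article, showing the complementary check: it parses each query parameter of a link, recovers any URL hidden inside it (plain, percent-encoded once or twice, or base64-encoded) and reports the destination host so that host, rather than the trusted-looking redirector, can be evaluated. The host names and links are constructed placeholders.

```python
"""Surface destinations hidden in redirect parameters of e-mail links.

Added illustration, not Microsoft's or TechRadar's code. A redirector URL
carries its destination in a query parameter; a gateway that checks only
the primary host never sees where the parameter actually points. This
module pulls the embedded URL out so its host can be assessed separately.
"""
import base64
import binascii
from urllib.parse import parse_qsl, unquote, urlparse


def _embedded_urls(value: str) -> list[str]:
    """Return URL-looking strings contained in one parameter value.

    parse_qsl already percent-decodes once; further unquote passes catch
    double encoding, and a base64 attempt catches encoded destinations.
    """
    candidates = [value, unquote(value), unquote(unquote(value))]
    try:
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
        candidates.append(decoded)
    except (binascii.Error, ValueError):
        pass  # not base64; the other candidates still apply
    found: list[str] = []
    for cand in candidates:
        if cand.lower().startswith(("http://", "https://", "//")) and cand not in found:
            found.append(cand)
    return found


def redirect_targets(url: str) -> list[tuple[str, str]]:
    """Return (parameter name, hidden host) pairs for every parameter whose
    value embeds a URL pointing at a host other than the visible one."""
    parsed = urlparse(url)
    visible_host = (parsed.hostname or "").lower()
    hits: list[tuple[str, str]] = []
    for key, value in parse_qsl(parsed.query, keep_blank_values=True):
        for embedded in _embedded_urls(value):
            # Scheme-relative "//host/path" needs a scheme before parsing.
            target = urlparse(embedded if "://" in embedded else "https:" + embedded)
            host = (target.hostname or "").lower()
            if host and host != visible_host:
                hits.append((key, host))
    return hits


def is_suspicious_redirect(url: str, trusted_hosts: set[str]) -> bool:
    """True when the visible host is one we trust but a parameter sends the
    browser somewhere else: the case the gateway quote above describes."""
    visible = (urlparse(url).hostname or "").lower()
    return visible in trusted_hosts and bool(redirect_targets(url))


# Constructed sample links (placeholder hosts, not real campaign indicators).
SAMPLE_LINKS = [
    "https://trusted-mailer.example/r?u=https%3A%2F%2Fevil.example%2Fverify",
    "https://trusted-mailer.example/r?u=aHR0cHM6Ly9ldmlsLmV4YW1wbGUvbG9naW4=",
    "https://trusted-mailer.example/r?u=https%253A%252F%252Fevil.example%252Fx",
    "https://trusted-mailer.example/news?id=42",
]


def scan(links: list[str], trusted_hosts: set[str]) -> dict[str, list[tuple[str, str]]]:
    """Map each link flagged as a suspicious redirect to its hidden targets."""
    return {
        link: redirect_targets(link)
        for link in links
        if is_suspicious_redirect(link, trusted_hosts)
    }


if __name__ == "__main__":
    for link, targets in scan(SAMPLE_LINKS, {"trusted-mailer.example"}).items():
        print(link)
        for param, host in targets:
            print(f"  parameter {param!r} redirects to {host}")
```

The output of `redirect_targets` is meant to feed whatever reputation or allow-list check the gateway already applies to primary hosts; the point is that the hidden host gets the same scrutiny as the visible one.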

Another aspect of the campaign that shows the commitment of the threat actors behind it is that it relies on a huge number of domains, at least 350 unique ones, in a further attempt to evade detection.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.