Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes.

The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according to a Monday report by Perception Point.

The attacker crafted an unusual link with an “@” symbol in the middle. Ordinary email security filters interpreted the text after it as a comment, but browsers interpreted it as the real web domain. Thus the phishing emails passed through security, yet when targets clicked the link inside, they were still directed to a fake landing page.
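The disparity described above comes down to the URL authority syntax: in `scheme://userinfo@host/path`, everything before the last “@” is userinfo and the host is what follows it, so a filter that stops reading at the “@” sees a decoy domain while the browser connects to the real one. The following is an added example, not code from the article or from Perception Point, showing how a mail filter can resolve the effective host with a standards-conforming parser and flag links that carry userinfo at all. All sample links are constructed for this example; the article does not publish the attacker's actual URL.

```python
from urllib.parse import urlsplit

# Constructed sample links for this example only (none are from the article).
SAMPLE_LINKS = [
    # Decoy brand domain before "@", real host after it: the trick in the article.
    "https://mail.example-brand.test@redirect.example.test/login",
    # "@" inside the query string is NOT userinfo; the host is example.test.
    "https://example.test/search?email=user@example.test",
    # "@" inside the fragment is NOT userinfo either.
    "https://example.test/#contact@example.test",
    # Plain link with no userinfo.
    "https://docs.example.test/help",
    # Non-web scheme: out of scope for this check.
    "mailto:helpdesk@example.test",
]


def effective_host(url):
    """Return the host a browser will actually connect to for an http(s) link.

    urlsplit() applies the RFC 3986 authority rules: the authority ends at the
    first '/', '?' or '#', and the host is the part after the last '@' in it.
    Returns None for non-web schemes.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return parts.hostname


def audit_link(url):
    """Describe one link: effective host, any decoy text before '@', and a flag.

    'decoy' is the userinfo portion (the text a naive reader takes for the
    domain). Any userinfo in an http(s) link arriving by email is treated as
    suspicious, because legitimate mail almost never needs it.
    """
    parts = urlsplit(url.strip())
    host = effective_host(url)
    decoy = None
    if host is not None and "@" in parts.netloc:
        # rpartition matches urlsplit's own host extraction (host after last '@').
        decoy = parts.netloc.rpartition("@")[0]
    return {
        "url": url,
        "effective_host": host,
        "decoy": decoy,
        "flagged": decoy is not None,
    }


def flagged_hosts(urls):
    """Return the effective hosts of all links that carry userinfo, in order."""
    return [a["effective_host"] for a in map(audit_link, urls) if a["flagged"]]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        a = audit_link(link)
        status = "FLAG" if a["flagged"] else "ok  "
        print(f"{status} host={a['effective_host']!s:28} decoy={a['decoy']}  {link}")
```

The check deliberately does not try to decide whether the decoy "looks like" a brand; the presence of userinfo in a mailed web link is enough to route the message for closer inspection, and matching on the effective host (rather than on the first domain-shaped string in the link) is what keeps domain reputation lookups from being fooled.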

A Lame Phishing Attempt

On May 2, Perception Point’s incident response (IR) team flagged a hastily designed phishing email trying to pass itself off as a Microsoft notice. “You have new 5 held messages,” it read, directing the recipient to follow a “Personal Portal” hyperlink.

The link led to a website masquerading as an Outlook login page. Again the hacker’s design choices were poor: the domain name for this supposed Outlook page was, in fact, “storageapi.fleek.co,” followed by a long series of random characters.

Read More: https://threatpost.com/novel-phishing-trick-uses-weird-links-to-bypass-spam-filters/179587/