Security News > 2020 > May > Phishing campaign exploits Symantec URL Protection to cover its tracks
2020-05-14 21:11
That's especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand.
A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam.
In a blog post published Thursday titled "Credential Theft Using Symantec URL Rewriting," Armorblox describes how this campaign operates.
Among the multiple redirects discovered by Armorblox was one created using Symantec's Click-Time URL Protection.
Beyond the use of Symantec, the attacker created a new domain for the final phishing site, allowing it to get through Microsoft's Exchange Online Protection filters.