Security News > 2020 > May > Phishing campaign exploits Symantec URL Protection to cover its tracks
2020-05-14 21:11
That's especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand.
A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam.
In a blog post published Thursday titled "Credential Theft Using Symantec URL Rewriting," Armorblox describes how this campaign operates.
Among the multiple redirects discovered by Armorblox was one created using Symantec's Click-Time URL Protection.
Beyond the use of Symantec, the attacker created a new domain for the final phishing site, allowing it to get through Microsoft's Exchange Online Protection filters.
News URL
Related news
- Cloudflare outage caused by botched blocking of phishing URL (source)
- Russian phishing campaigns exploit Signal's device-linking feature (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads (source)