Security News > 2021 > February > Malformed URL Prefix Phishing Attacks Spike 6,000%
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "Malformed URL prefixes" to evade protections and deliver phishing emails that look legit.
Typosquatting is a common phishing email tactic where everyday business names are mispelled, like "Amozon.com" - to try and trick unobservant users into clicking.
The phishing email appears to be sent from a voicemail service; the researchers explained.
The attackers using these malformed URLs have engaged in a variety of tactics to deliver their malware, including using a spoofed display name to impersonate the user's company internal email system; avoiding scanners searching for "Known bad" domains by sending from an address with no established relationship with the business; embedding a link in phishing emails which opens a redirector domain; and using language to give the user a sense of "Urgency" in the message, the report explained.
Kevin O'Brien, CEO and co-founder of GreatHorn, told Threatpost that these malformed URL attacks could be mitigated through third-party solutions able to perform more nuanced analysis.
Proofpoint's recent 2020 State of the Phish showed a 14 percent jump in U.S. phishing attacks over the past year.
News URL
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)