Malformed URL Prefix Phishing Attacks Spike 6,000%

Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URLs are malformed, not utilizing the normal URL protocols, such as http:// or https://,” researchers Click to Register said in a blog post about their findings. “Instead, they use http:/ in their URL prefix.” The slashes in the address are largely superfluous, the GreatHorn report explained, so browsers and many scanners don’t even look at them. Typosquatting is a common phishing email tactic where everyday business names are mispelled, like “amozon.com” — to try and trick unobservant users into clicking. But these days, researchers explained, most people know to look for these kinds of email scams, so threat actors have had to evolve too. Email Protections Ignore Backslashes in URL Prefix “The URLs don’t fit the ‘known bad’ profiles developed by simple email scanning programs, allowing them to slip through undetected,” researchers said. “They may also slip past human eyes that aren’t accustomed to looking in the prefix for signs of suspicious activity.” The researchers reported they first noticed this new tactic last October, and said that it has been quickly gaining momentum ever since — with attacks between January and early February spiking by 5,933 percent, they said. What…

Source