Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according to a Monday report by Perception Point. The attacker crafted an unusual link with an “@” symbol in the middle. Ordinary email security filters interpreted it as a comment, but browsers interpreted it as a legitimate web domain. Thus the phishing emails successfully bypassed security, but when targets clicked on the link inside, they were directed to a fake landing page nonetheless.

A Lame Phishing Attempt

On May 2, Perception Point’s incident response (IR) team flagged a hastily designed phishing email trying to pass itself off as a Microsoft notice. “You have new 5 held messages,” it read, directing the recipient to follow a “Personal Portal” hyperlink. The link led to a website masquerading as an Outlook login page. Again the hacker’s design choices were poor, and the domain name for this supposed Outlook page was, in fact, “,” followed by a long series of random characters. In theory, if a user had overlooked all of these red flags and submitted their Microsoft credentials, those credentials would have gone to the attacker. So here’s the mystery: how did such a low-effort phishing attempt make it past email security filters, which are trained to spot much more sophisticated frauds than this? The key was in the email link.

Some Background on…
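The mechanism the report describes rests on the URL authority syntax: everything between the scheme and the last “@” is a userinfo component, and a browser connects to the host that follows it. A mail filter that stops reading at the “@” (or treats what precedes it as the destination) will grade the link by the decoy text instead of the real host. The following scanner is an added example written for this article, not code from Perception Point or from the report; the HTML message and both domain names in it are constructed placeholders, not the addresses from the real campaign. It extracts every hyperlink from a message body, splits each one the way a browser does, and flags any link whose authority section carries a userinfo decoy, reporting the host the user would actually reach.

```python
"""Flag hyperlinks whose authority section contains an '@' (a userinfo
component). A browser routes to the host after the LAST '@' and ignores
everything before it, so the userinfo slot can display one name while the
link actually points somewhere else. All sample data below is constructed
for this example."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample in the style of the "held messages" lure described above.
# Both domains are placeholders, not addresses from the report.
SAMPLE_EMAIL_HTML = """
<p>You have new 5 held messages.</p>
<p><a href="https://outlook.office.com@phish-landing.example/portal">Personal Portal</a></p>
<p><a href="https://support.example.com/help">Help</a></p>
"""


class HrefCollector(HTMLParser):
    """Collect every href attribute from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_hrefs(html):
    parser = HrefCollector()
    parser.feed(html)
    return parser.hrefs


def effective_host(url):
    """Host a browser actually connects to: the authority after the last '@',
    with any port stripped. urlsplit() applies the same last-'@' rule."""
    return urlsplit(url).hostname


def userinfo_decoy(url):
    """Return the text sitting in the userinfo slot (before the last '@'),
    or None when the link has no userinfo at all."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return None
    return parts.netloc.rpartition("@")[0]


def scan_links(urls):
    """Return one finding per link that carries a userinfo decoy."""
    findings = []
    for url in urls:
        decoy = userinfo_decoy(url)
        if decoy is not None:
            findings.append({"url": url, "decoy": decoy, "host": effective_host(url)})
    return findings


def scan_email_html(html):
    return scan_links(extract_hrefs(html))


if __name__ == "__main__":
    for f in scan_email_html(SAMPLE_EMAIL_HTML):
        print(f"suspicious: {f['url']} really goes to {f['host']} "
              f"(decoy text in userinfo slot: {f['decoy']})")
```

The check is deliberately keyed on the last “@” rather than the first, because that is the split browsers perform; a link with several “@” characters still resolves to the final host, and the scanner reports it the same way. Legitimate mail rarely carries credentials inside hyperlinks, so a userinfo component in an inbound link is a cheap, high-signal rule to add to a mail gateway or SOC triage script.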