Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according to a Monday report by Perception Point.

The attacker crafted an unusual link using an “@” symbol in the middle. Ordinary email security filters interpreted it as a comment, but browsers interpreted it as a legitimate web domain. Thus the phishing emails successfully bypassed security, but when targets clicked on the link inside, they were directed to a fake landing page nonetheless.

A Lame Phishing Attempt

On May 2, Perception Point’s incident response (IR) team flagged a hastily designed phishing email trying to pass itself off as a Microsoft notice. “You have new 5 held messages,” it read, directing the recipient to follow a “Personal Portal” hyperlink.

The link directed to a website masquerading as an Outlook login page. Again the hacker’s design choices were poor, and the domain name for this supposed Outlook page was, in fact, “storageapi.fleek.co,” followed by a long series of random characters. In theory, if a user had overlooked all of these red flags and submitted their Microsoft credentials, those credentials would’ve gone to the attacker.

So here’s the mystery: how did such a low-effort phishing attempt make it past email security filters, which are trained to spot much more sophisticated frauds than this? The key was in the email link.

Some Background on…
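The mismatch the report describes comes from the URL authority syntax: anything before an “@” in `scheme://…@host/` is userinfo, and a browser connects to the host after the “@”. The following is an added example (not code from Perception Point or the article) of a mail-side check that resolves each link to the host a browser would actually visit and flags links that carry a decoy prefix; the email body and the `landing-page.example` domain are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Pull href values out of an HTML mail body (constructed sample below).
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def effective_host(url: str) -> str:
    """Host a browser would connect to: the part of the authority after
    any '@', lowercased (RFC 3986 treats the text before '@' as userinfo)."""
    return (urlsplit(url).hostname or "").lower()


def userinfo(url: str):
    """Decoy text placed before '@' in the authority, or None if absent."""
    netloc = urlsplit(url).netloc
    if "@" not in netloc:
        return None
    return netloc.rsplit("@", 1)[0]


def flag_userinfo_links(html: str):
    """Return (url, decoy_text, real_host) for every link whose authority
    contains an '@'. A legitimate-looking brand name in the decoy slot with
    an unrelated real host is exactly the pattern described in the report."""
    findings = []
    for url in HREF_RE.findall(html):
        decoy = userinfo(url)
        if decoy is not None:
            findings.append((url, decoy, effective_host(url)))
    return findings


# Constructed sample mail: one ordinary link, one link with a decoy prefix.
SAMPLE_EMAIL = (
    "<p>You have new 5 held messages.</p>"
    '<a href="https://outlook.office.com/mail/">Outlook</a> '
    '<a href="https://outlook.office.com@landing-page.example/x9k2">Personal Portal</a>'
)

if __name__ == "__main__":
    for url, decoy, host in flag_userinfo_links(SAMPLE_EMAIL):
        print(f"FLAG: shows '{decoy}' but browser goes to '{host}' ({url})")
```

Scanning on the resolved host rather than on the raw link text is what lets a filter score the destination the way the browser will treat it.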
