New Phishing Campaign Uses Modified URL Prefixes

Security researchers at GreatHorn have discovered a new phishing campaign in which criminals bypass traditional URL protection.

While many phishing scams involve changing the letters in the URLs of a popular site to force users to go to fake landing pages, the current campaign changes the characters used in the prefix that comes before the URL.

The URLs used in the campaign are not formatted correctly and do not use the common URL prefixes http:// or https://. Instead, they use http:/\ as the URL prefix. Since the colon and double slashes have always been used in the standard URL format, most browsers automatically ignore the difference and treat the link as a normal URL.

In this way, cybercriminals bypass many email scanners and achieve their intended goals.
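A mail filter can look for this pattern directly. The following is an added example, not code from GreatHorn or from the original article: it flags any http/https link whose prefix is not exactly `//` and returns the form a lenient browser would open, so the link can go through the usual URL checks. It generalizes from the `http:/\` case in the article to any mix of slashes and backslashes after the colon; the function name and the sample message are constructed for illustration.

```python
import re

# http or https, a colon, then one or more slash-like characters
# (forward slash or backslash), then the rest of the link.
# The first character of the rest must not be a slash, so a bare
# "http://" with nothing after it is not reported.
URL_RE = re.compile(
    r'\b(https?):([/\\]+)([^\s"<>\x27/\\][^\s"<>\x27]*)',
    re.IGNORECASE,
)


def find_malformed_prefix_urls(text):
    """Return (raw, normalized) pairs for links whose prefix is not '//'.

    raw        -- the link exactly as it appears in the message
    normalized -- the same link with a standard '://' prefix, suitable for
                  the reputation or rewriting checks applied to normal URLs
    """
    hits = []
    for match in URL_RE.finditer(text):
        scheme, slashes, rest = match.groups()
        if slashes != "//":
            normalized = f"{scheme.lower()}://{rest}"
            hits.append((match.group(0), normalized))
    return hits


# Constructed sample message body (hostnames are reserved example domains).
SAMPLE_BODY = (
    "Your invoice is ready: http:/\\login.example.com/view?id=1\n"
    "Company site: https://www.example.org/about\n"
    "Reset here: HTTPS:\\\\portal.example.net/reset\n"
)

if __name__ == "__main__":
    for raw, normalized in find_malformed_prefix_urls(SAMPLE_BODY):
        print(f"malformed prefix: {raw!r} -> check as {normalized}")
```
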

According to experts, the first attacks using the modified prefix method were recorded in October last year. Between early January and February 2021, email phishing attacks using malformed URL prefixes increased by 5933%.

Although these phishing attempts have been identified in organizations from a wide variety of industries, financial, pharmaceutical and construction companies are more likely to be attacked than others. In addition, organizations using Microsoft Office 365 were targeted by attacks far more frequently than organizations using Google Workspace as their cloud-based email environment.
