"Malformed URL Prefix Phishing Attacks Spike 6,000%"

Researchers at GreatHorn have found that sneaky adversaries are flipping backslashes in phishing email URLs to evade protections. The researchers first noticed this new tactic last October and have found that it has been quickly gaining momentum ever since. The researchers observed a nearly 6,000% jump (5,933%) in attacks using “malformed URL prefixes” to bypass protections and deliver phishing emails that look legit between January and February of this year. The URLs do not utilize the standard URL protocols, such as http:// or https://, but instead, use http:/\ in their URL prefix. Many browsers, scanners, and email protections will not detect phishing emails that use malformed URL prefixes because the URLs don’t fit the ‘known bad’ profiles. The researchers suggest that security teams search their organizational email for messages containing URLs that match the threat pattern (http:/\) and remove any matches to keep their systems protected. The researchers also stated that these malformed URL attacks could be mitigated through third-party solutions able to perform more nuanced analysis.

Threatpost reports: "Malformed URL Prefix Phishing Attacks Spike 6,000%"