"Novel Phishing Trick Uses Weird Links to Bypass Spam Filters"

Researchers at Perception Point have discovered a previously unseen method for sneaking malicious links into unsuspecting users' email inboxes. The novel phishing method takes advantage of the difference between how email security filters and browsers read URLs. The attacker creates a link with an "@" symbol in the middle of it. Email security filters typically interpret the part before the "@" as a comment, but browsers interpret the link as pointing to a legitimate web domain. As a result, the phishing emails circumvent security controls, and the link inside takes targets to a fake landing page when clicked.

Perception Point's Incident Response (IR) team recently detected a phishing email attempting to present itself as a Microsoft notice. The link in the email led to a website masquerading as an Outlook login page. The team notes that the attacker's design choices were poor: the domain name for the fraudulent Outlook page was "storageapi.fleek.co", followed by a series of random characters. If a user had overlooked all of these signs and entered their Microsoft credentials, those credentials would have gone to the attacker. The crafted link allowed this low-effort phishing attempt to bypass email security filters trained to detect more sophisticated fraud. The attacker behind the attempt is located in Japan, based on their IP address, and has targeted telecom, web services, and financial organizations. Although the campaign failed, as none of the emails tricked any targets, the technique could catch on quickly among other threat actors because it is easy to execute. This article continues to discuss the novel phishing trick, a phishing attempt in which the technique was applied, and how security teams can prevent the success of this method.
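As an added example (not code from the Threatpost article or from Perception Point), the following Python scans an email body for links whose authority section contains an "@" and reports the host a browser would actually contact, which is the check a mail filter needs. The sample email body, the decoy prefix "outlook.example.com" and the path placeholder are constructed; only the "storageapi.fleek.co" host comes from the article.

```python
"""Flag URLs whose authority section carries userinfo ('user@host').

Browsers send the request to the host AFTER the '@'; everything before it is
treated as credentials, so a link like
https://outlook.example.com@storageapi.fleek.co/... lands on
storageapi.fleek.co while the visible prefix looks like a familiar domain.
"""
import re
from urllib.parse import urlsplit

# Simple matcher for http(s) links in plain-text mail bodies (assumption).
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def effective_host(url: str) -> str:
    """Return the host a browser would actually connect to."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lowercases the result
    return parts.hostname or ""


def userinfo_decoy(url: str):
    """Return the text before '@' in the authority, or None if absent."""
    netloc = urlsplit(url).netloc
    if "@" not in netloc:
        return None
    return netloc.rsplit("@", 1)[0]


def flag_userinfo_links(body: str) -> list:
    """Scan an email body and report every link that carries userinfo."""
    findings = []
    for url in URL_RE.findall(body):
        decoy = userinfo_decoy(url)
        if decoy is not None:
            findings.append({"url": url, "decoy": decoy, "host": effective_host(url)})
    return findings


# Constructed sample body (not the real lure); RANDOM-PLACEHOLDER stands in
# for the random characters the article describes after the host.
SAMPLE_BODY = """\
Your mailbox is almost full. Review it here:
https://outlook.example.com@storageapi.fleek.co/RANDOM-PLACEHOLDER
Unsubscribe: https://lists.example.org/unsubscribe?id=42
"""

if __name__ == "__main__":
    for f in flag_userinfo_links(SAMPLE_BODY):
        print(f"SUSPECT: shown as {f['decoy']!r} but resolves to {f['host']!r}")
```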

Threatpost reports "Novel Phishing Trick Uses Weird Links to Bypass Spam Filters"
