"YouTube Attribution Links Exploited in New Phishing Campaign"

Attackers have been avoiding detection by exploiting legitimate YouTube attribution links and a Cloudflare CAPTCHA. According to the cybersecurity company Vade, using YouTube attribution links is a novel method for circumventing email filters that scan for suspicious redirects. In a new phishing campaign, victims receive a spoofed email claiming that their Microsoft 365 password has expired. Personalizing and contextualizing the email creates the illusion of legitimacy. Researchers observed that the email contains no misspellings or grammatical errors, which are typically early indicators of fraud. Below the notice regarding the victim's password allegedly being expired, there is an option to keep the current password. The button, which is hyperlinked to a YouTube URL, eventually takes users to a phishing page with a Cloudflare CAPTCHA. According to Vade, it is likely that the page is hosted on Cloudflare and uses URL crawling and bot protections. Once users click the CAPTCHA, they are presented with a fake Microsoft 365 sign-in page, allowing threat actors to steal their credentials and take control of their accounts. This article continues to discuss the new phishing campaign involving the exploitation of YouTube attribution links. 

Cybernews reports "YouTube Attribution Links Exploited in New Phishing Campaign"