URL protection services used to mask phishing attacks

Cybercriminals are abusing legitimate URL protection services to hide malicious URLs in phishing emails, according to a new Threat Spotlight from Barracuda Networks.

Researchers have observed phishing attacks taking advantage of three different URL protection services to mask their phishing URLs. The services are provided by trusted, legitimate brands. To date, these attacks have targeted hundreds of companies.

URL protection services work by copying URL links found in emails, rewriting them, and then embedding the original within the rewritten one. When the email recipient clicks on the link, it triggers an email security scan of the original URL. If the scan is clear, the user is redirected to the URL. In the attacks seen, the users were redirected to phishing pages designed to steal sensitive information.

Barracuda researchers believe it's likely that the attackers initially gained entry to the URL protection services after compromising the accounts of legitimate users. Using a compromised account to send themselves a phishing email carrying their malicious link, the attackers would have been able to get the protection URL they needed for their phishing campaigns.

"This inventive tactic helps attackers to evade security detection, and the abuse of trusted, legitimate security brands means that recipients are more likely to feel safe and click on the malicious link," says Saravanan Mohankumar, manager, threat analyst at Barracuda. "The URL protection provider may not be able to validate whether the redirect URL is being used by a customer or by an intruder who has taken over the account. Phishing is a powerful and often successful threat, and cybercriminals will continue to evolve their tools and techniques to maintain this. Security teams need to be prepared."

Barracuda recommends a multilayered, AI-powered approach to defense, which can detect and block any unusual or unexpected activity, however complex. These security measures should be complemented by active and regular security awareness training on the latest threats and how to spot and report them.

You can read more on the Barracuda blog.

Image credit: Gorodenkoff/depositphotos.com

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.