Microsoft Phishing Attack Uses Google Redirects to Evade Detection

silversurfer

A new phishing campaign uses Google search query redirects to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials via encoded URLs.

The phishers behind these attacks use URL Encoding (also known as Percent Encoding), a technique that makes it possible to convert ASCII characters in URLs with % signs followed by two hexadecimal digits. This allows the threat actors to hide the phishing page URL from secure email gateways (SEGs) that scan emails for malicious links and content to block potentially dangerous messages.

As researchers at the Cofense Phishing Defense Center who discovered this phishing campaign point out in their write-up, "The easiest way to trick a secure email gateway (SEG) is hiding the true destination of the payload."
"The phishing email is simple and originates from a compromised email account of a relatively well-known American brand, informing recipients that they have a new invoice awaiting payment," found Cofense.
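
An added example, not part of the original post or the Cofense write-up: a link check that unwraps a redirect parameter and percent-decodes it, so a scanner evaluates the real destination rather than the wrapping host. The parameter names in `REDIRECT_PARAMS`, the helper names, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: query parameter names that commonly carry a redirect target.
REDIRECT_PARAMS = ("q", "url", "u", "target", "redirect")
MAX_DEPTH = 5  # bound the unwrapping so crafted input cannot loop forever


def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def redirect_chain(url):
    """Return the URL followed by every nested redirect target found in it."""
    chain = [url]
    for _ in range(MAX_DEPTH):
        query = urlsplit(chain[-1]).query
        # parse_qsl decodes one level; fully_unquote handles double encoding.
        params = {k.lower(): fully_unquote(v) for k, v in parse_qsl(query)}
        target = next((params[p] for p in REDIRECT_PARAMS
                       if params.get(p, "").lower().startswith(("http://", "https://"))),
                      None)
        if target is None:
            break
        chain.append(target)
    return chain


def hosts(url):
    """Hostnames along the redirect chain, outermost first."""
    return [urlsplit(u).hostname for u in redirect_chain(url)]


def hides_other_host(url):
    """True when the link's visible host differs from its final destination."""
    seen = hosts(url)
    return seen[0] != seen[-1]


# Constructed samples: single- and double-encoded targets behind a redirect.
SINGLE = "https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2Flogin.phish.example%2Foffice365"
DOUBLE = "https://www.google.com/url?q=https%253A%252F%252Flogin.phish.example%252F"
BENIGN = "https://www.google.com/search?q=office+365+invoice"
```

A gateway would then apply its reputation and content checks to the last URL in the chain instead of the first.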
 
