Microsoft is warning of a widespread phishing campaign that uses open redirector links in emails to steer users to credential-harvesting websites while evading email security scanners.
According to the company, 91% of cyberattacks now begin with email, and cybercriminals know how to weaponize messages so they bounce through sites the recipient recognizes before landing on the malicious destination. An open redirector is a legitimate site's redirect endpoint that forwards the browser to whatever URL it is handed in a parameter, so the link in the email points at a trusted domain while the attacker's destination rides along in that parameter. The landing sites also put a CAPTCHA puzzle in front of the phishing page, not so much to determine whether the visitor is human as to keep automated security scanners from reaching the page and flagging it as dangerous.
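To make the mechanism concrete, here is an added example (not code from the page or from Microsoft) of the server-side pattern that creates an open redirector, beside a hardened replacement. The hostnames `trusted-service.example`, `sso.trusted-service.example` and `phish-landing.example` are hypothetical, and the handlers are written as pure functions that return the `Location` a redirect endpoint would emit, so no web framework is needed to run it.

```python
"""Open redirector vs. hardened redirect, as pure functions returning the
Location value a redirect endpoint would send. Added example; all hosts are
hypothetical placeholders."""
from urllib.parse import parse_qsl, urlsplit

# Hypothetical site and the hosts its redirect endpoint may legitimately send users to.
SITE_HOST = "trusted-service.example"
ALLOWED_HOSTS = frozenset({SITE_HOST, "sso.trusted-service.example"})

# Constructed example of the abused link shape: the trusted host is what a user
# sees on hover, while the attacker's site sits in the ?url= parameter.
PHISH_LINK = "https://trusted-service.example/redirect?url=https://phish-landing.example/login"


def open_redirect_location(target):
    """The vulnerable pattern: whatever arrives in ?url= becomes the Location header,
    so a link to this endpoint looks like the trusted site yet lands anywhere."""
    return target


def safe_redirect_location(target, default="/"):
    """Hardened: accept only same-site paths or absolute https URLs to allow-listed hosts.
    Anything ambiguous falls back to the site root instead of being guessed at."""
    if not target or any(ord(c) < 0x21 for c in target) or "\\" in target:
        # Control characters, whitespace and backslashes are parsed differently by
        # browsers and by urlsplit ("/\\evil.example" becomes "//evil.example" in a
        # browser), so refuse them rather than try to normalise.
        return default
    # A relative path must start with exactly one slash: "//evil.example" is a
    # scheme-relative URL and would leave the site.
    if target.startswith("/") and not target.startswith("//"):
        return target
    parts = urlsplit(target)
    if parts.scheme.lower() != "https" or not parts.netloc or "@" in parts.netloc:
        # Covers "http://..." downgrades, "https:evil.example" (no authority) and the
        # userinfo trick "https://trusted-service.example@evil.example".
        return default
    if parts.hostname in ALLOWED_HOSTS:  # hostname is lower-cased and port-stripped
        return target
    return default


def location_for(link, handler):
    """Simulate the redirect endpoint receiving the ?url= parameter of a clicked link."""
    params = dict(parse_qsl(urlsplit(link).query))
    return handler(params.get("url", ""))


if __name__ == "__main__":
    print("open redirector sends user to:", location_for(PHISH_LINK, open_redirect_location))
    print("hardened endpoint sends user to:", location_for(PHISH_LINK, safe_redirect_location))
```

The hardened version deliberately rejects rather than rewrites odd input: the parser differences between browsers and server-side URL libraries (backslashes, missing authority, userinfo) are exactly what redirect-validation bypasses rely on, so the safe choice is to fall back to a fixed default whenever the target is not unambiguously on an allow-listed host.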
Everything starts with a convincing Subject line and ends with a page that requires the user to enter their password twice. After the second entry the page shows an error and simply sends the user on to a legitimate site, which reassures the victim and ensures they have no idea that their password has just been captured.
As with most breaches, however, everything begins with an email. Here are a few of the subject lines used by the campaign:
+ [Recipient username] 1 New Notification
+ Report Status for [Recipient Domain Name] at [Date and Time]
+ Zoom Meeting for [Recipient Domain Name] at [Date and Time]
+ Status for [Recipient Domain Name] at [Date and Time]
+ Password Notification for [Recipient Domain Name] at [Date and Time]
+ [Recipient username] eNotification
As always, stay vigilant and remember that hovering over links is no longer a definitive way to determine legitimacy: with an open redirector, the hover text shows the trusted domain, and the real destination is hidden in the query string. We now all need to look for signs of urgency, unusual requests, and links in which the suspicious address appears as a parameter of a URL on a familiar domain rather than as the address itself (for example, a second http or https address buried in a long query string). Bottom line: just avoid opening emails you are not expecting.
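The hover check fails because the visible host and the real destination differ, so the triage a practitioner wants is to pull the hidden destination out of the link and compare the two. The following is an added example (not from the page or from Microsoft) of that check over constructed sample links: it walks the query parameters of a URL, peels back percent-encoding layers and, as a generalization beyond what the article describes, also base64-encoded targets, follows redirector-in-redirector chains, and reports whether the link looks like open-redirect abuse. The domains `trusted-service.example`, `second-hop.example` and `phish-landing.example` are hypothetical.

```python
"""Triage an e-mail link for open-redirect abuse: report the host a user sees on
hover versus the destination(s) hidden in URL parameters. Added example with
constructed sample links; all domains are hypothetical."""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

_URL_RE = re.compile(r"^(?:https?:)?//", re.IGNORECASE)
_B64_RE = re.compile(r"^[A-Za-z0-9+/_=-]+$")

# Constructed sample links (hypothetical hosts, not taken from the Microsoft report).
SAMPLE_LINKS = [
    # destination percent-encoded in ?url=
    "https://trusted-service.example/redirect?url=https%3A%2F%2Fphish-landing.example%2Flogin%3Fuser%3Dalice%40corp.example",
    # scheme-relative destination in ?to=
    "https://trusted-service.example/r?to=%2F%2Fphish-landing.example%2Fcaptcha",
    # base64-encoded "https://phish-landing.example/login" in ?target=
    "https://trusted-service.example/r?target=aHR0cHM6Ly9waGlzaC1sYW5kaW5nLmV4YW1wbGUvbG9naW4=",
    # benign link with an ordinary parameter
    "https://trusted-service.example/docs?page=3",
]
# Redirector that forwards to a second redirector (double-encoded inner target).
CHAINED_LINK = ("https://trusted-service.example/redirect?url="
                "https%3A%2F%2Fsecond-hop.example%2Fgo%3Fu%3Dhttps%253A%252F%252Fphish-landing.example%252F")


def _decode_layers(value, max_rounds=3):
    """Percent-decode until the value reads as a URL or stops changing
    (attackers double-encode to slip past naive single-decode checks)."""
    for _ in range(max_rounds):
        if _URL_RE.match(value):
            break
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _maybe_base64_url(value):
    """Return a URL hidden in a base64/base64url-encoded parameter value, else None."""
    if len(value) < 12 or not _B64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if _URL_RE.match(text) else None


def extract_redirect_chain(url, max_depth=5):
    """Return the hosts from the visible link through every embedded destination."""
    chain, seen, current = [], set(), url
    for _ in range(max_depth):
        parts = urlsplit(current)
        chain.append((parts.hostname or "").lower())
        seen.add(current)
        next_url = None
        # Split the query by hand: parse_qsl would turn '+' into spaces and
        # corrupt base64 values.
        for pair in parts.query.split("&"):
            if not pair:
                continue
            _name, _sep, raw = pair.partition("=")
            candidate = _decode_layers(raw)
            if not _URL_RE.match(candidate):
                candidate = _maybe_base64_url(candidate) or ""
            if _URL_RE.match(candidate):
                # "//host/path" is scheme-relative; assume https for the next hop.
                next_url = candidate if candidate.lower().startswith("http") else "https:" + candidate
                break
        if next_url is None or next_url in seen:
            break
        current = next_url
    return chain


def assess_link(url):
    """Summarise a link: visible host, final host, and whether they disagree."""
    chain = extract_redirect_chain(url)
    return {
        "visible_host": chain[0],
        "final_host": chain[-1],
        "hops": len(chain) - 1,
        "suspected_open_redirect": len(chain) > 1 and chain[-1] != chain[0],
    }


if __name__ == "__main__":
    for link in SAMPLE_LINKS + [CHAINED_LINK]:
        print(assess_link(link))
```

A mail-filtering rule built on this compares `visible_host` with `final_host`; a mismatch is the signature the article describes, a familiar domain in the address bar text and a stranger in the parameter. The base64 branch is an extension of the article's percent-encoded case, and the depth limit and `seen` set keep a link that redirects to itself from looping.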