Lures of fishing emails vary: fake sound mail notifications with a button to reach the message, allegedly alerts about messages allegedly received through Microsoft teams, notifications about safe documents sent via ZIX safe message. But in every case, the last landing page arrived after a series of redirects, a Sported Microsoft Office 365 login page that user credentials were designed for crops.
Researchers at Claudflare said, “The misuse of reliable link rapping services of this campaign increases the possibility of a successful attack.” “Attackers exploit the built-in trust users in these safety devices, causing high clicks rates.”
URL is an interesting development when exploiting link-rapping features from the security scanner, misuse of legitimate services to hide malicious payload is neither new nor disappeared. Whether we are talking about the inspection link of humans or software, find out that domain reputation should never rely. Organizations should train their employees how to get the fishing pages, and to identify such pages, automated tools to identify such pages should use algorithms to detect more sophisticated materials.
