What you need to know
- Microsoft is spreading the word about a phishing campaign that's been going on for months.
- It utilizes open redirector links.
- These links appear safe but will redirect you to malicious domains.
The Microsoft Security Intelligence Twitter account is at it again with another PSA regarding phishing campaigns mucking up link-clicking safety for denizens of the web. If you get an email with one of these sketchy links, you may not be able to recognize the problem until it's too late.
Here's the issue: These open redirector links are crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realizing it until it's too late.
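A defender-side check for the link pattern described above, added here as an example (not code from Microsoft or Windows Central): it flags links whose query or fragment carries a URL on a different host than the one shown on hover. The function names and the example.* sample links are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def host_of(url):
    """Host of an absolute or protocol-relative http(s) URL, else None."""
    if url.startswith("//"):          # protocol-relative form
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:                # malformed value, e.g. a broken IPv6 host
        return None
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def redirect_targets(link, max_decode=3):
    """List (parameter, target_host) for each query or fragment value
    that decodes to a URL on a host other than the one the link shows."""
    shown = host_of(link)
    if shown is None:
        return []
    parts = urlsplit(link)
    found = []
    for section in (parts.query, parts.fragment):
        # parse_qsl already percent-decodes each value once
        for name, value in parse_qsl(section, keep_blank_values=True):
            for _ in range(max_decode):
                target = host_of(value.strip())
                if target is not None:
                    if target != shown:
                        found.append((name, target))
                    break
                decoded = unquote(value)   # peel one more encoding layer
                if decoded == value:
                    break
                value = decoded
    return found

# Constructed sample links (example.* domains are placeholders).
SAMPLES = [
    "https://trusted.example/out?url=https%3A%2F%2Flogin.phish.example%2Fo365",
    "https://trusted.example/r?id=7&next=https%253A%252F%252Fphish.example%252F",
    "https://trusted.example/go?to=//phish.example/login",
    "https://trusted.example/search?q=open+redirect",
    "https://trusted.example/page?return=https://trusted.example/home",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(redirect_targets(link) or "no embedded off-site URL", "<-", link)
```

A hit is a triage signal rather than a verdict: many legitimate services pass destinations this way, and a redirector that stores its destination server-side leaves nothing in the link to inspect.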
This phishing campaign takes things further than just crafty URLs, though. It also employs Google reCAPTCHA services in order to keep threat analysis systems at bay, stopping site scanners from protecting you once you're in the malicious domain.
We’ve been tracking a phishing campaign that has been using open redirects for months, and it continues to evolve and persist. As recently as last week, we detected a spam run that abused a different web app but utilized the same TTPs and infrastructure. pic.twitter.com/3iztzVwbKy
— Microsoft Security Intelligence (@MsftSecIntel) August 30, 2021
All in all, it's crafty stuff, and Microsoft admits as much over on Twitter. It also has a dedicated blog post that details the scheme in greater depth, though the post's protection advice section is light on actionable guidance. Still, there's a lot of detailed data in there that could potentially offer those with an advanced understanding of phishing attack procedures some worthwhile information.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to email@example.com.
To further save some of you security-minded people some time, Microsoft writes the following in their blog post: TL;DR: Users of Office 365 protected with MS Defender are not affected. "Microsoft Defender for Office 365 detects these emails and prevents them from being delivered to user inboxes using multiple layers of dynamic protection technologies, including a built-in sandbox that examines and detonates all the open redirector links in the messages, even in cases where the landing page requires CAPTCHA verification. This ensures that even the embedded malicious URLs are detected and blocked."