What you need to know
- Microsoft is spreading the word about a phishing campaign that's been going on for months.
- It utilizes open redirector links.
- These links appear safe but will redirect you to malicious domains.
The Microsoft Security Intelligence Twitter account is at it again with another PSA regarding phishing campaigns mucking up link-clicking safety for denizens of the web. If you get an email with one of these sketchy links, you may not be able to recognize the problem until it's too late.
Here's the issue: These open redirector links are crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realizing it until it's too late.
This phishing campaign takes things further than just crafty URLs, though. It also employs Google reCAPTCHA services in order to keep threat analysis systems at bay, stopping site scanners from protecting you once you're in the malicious domain.
We’ve been tracking a phishing campaign that has been using open redirects for months, and it continues to evolve and persist. As recently as last week, we detected a spam run that abused a different web app but utilized the same TTPs and infrastructure. pic.twitter.com/3iztzVwbKyWe’ve been tracking a phishing campaign that has been using open redirects for months, and it continues to evolve and persist. As recently as last week, we detected a spam run that abused a different web app but utilized the same TTPs and infrastructure. pic.twitter.com/3iztzVwbKy— Microsoft Security Intelligence (@MsftSecIntel) August 30, 2021August 30, 2021
All in all, it's crafty stuff, and Microsoft admits as much over on Twitter. It also has a dedicated blog post that details the scheme in greater depth, though the post's protection advice section is light on actionable guidance. Still, there's a lot of detailed data in there that could potentially offer those with an advanced understanding of phishing attack procedures some worthwhile information.
