Cybersecurity researchers at Microsoft are warning users of a new phishing campaign that hackers could use to steal information. The new phishing techniques redirect victims to malicious URLs that could steal users' information.
Microsoft Cybersecurity Researchers
According to TechRadar, cybersecurity researchers at Microsoft have shared details of a comprehensive credential phishing campaign that reportedly uses open redirector links to lure users into clicking. Legitimate sales and marketing campaigns most often rely on open redirects to track click rates and lead customers to landing pages.
Researchers warn that attackers could reportedly abuse open redirects by linking to a URL on a trusted domain and embedding the final malicious URL as a parameter. Such abuse could prevent users and security solutions from quickly recognizing that the link is malicious.
Attackers New Phishing Approach
While the abuse of open redirects isn't a novel approach, the attackers in the current campaign could combine these links with social engineering, impersonating popular tools and services to trick users into clicking the malicious links.
3,300 companies were allegedly exposed due to a Microsoft Azure Cosmos DB database vulnerability, which is not the only one that Microsoft users have experienced in the past. Phishing campaigns have been going on for quite a while, and phishing is one of the oldest techniques hackers use to steal information.
Casual URLs to Look Like a Trustworthy Domain Name
Unraveling the details of the campaign, the researchers note that the links lead to not just one but several redirects. The chain even throws up a CAPTCHA verification page in a bid to fool users into thinking that the page is above-board.
Once users answer the CAPTCHA, the attackers can take them to a fake sign-in page of a legitimate service. Researchers also suggest that the phishing attacks make use of open redirects because a casual inspection of the URL in an email client will display a trustworthy domain name, which encourages users to click the link.
Researchers Warn of Gateway Solutions
The researchers reason that, likewise, traditional email gateway solutions could inadvertently allow emails from this campaign to pass through because their settings are trained to recognize the primary URL, without necessarily checking the malicious parameters that are hiding in plain sight. Microsoft Exchange servers were just hacked by a brand new ransomware gang through the ProxyShell vulnerability.
Another aspect of the campaign that shows the commitment of the threat actors behind it is that it relies on a huge number of domains. This includes at least 350 unique ones, which is yet another attempt to evade detection.
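The gap described above, where a filter judges only the primary URL and not the destination carried in its parameters, can be closed by unwrapping those parameters before deciding. The following is an added example, not code from Microsoft or Tech Times; the function names, the exact-host comparison, the layer limit and the .example sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_LAYERS = 3  # assumption: how many encoding/nesting layers to unwrap

def _as_url(value):
    """Return value parsed as an absolute http(s) URL, or None if it is not one."""
    for _ in range(MAX_LAYERS):
        candidate = value.strip()
        if candidate.startswith("//"):        # scheme-relative destination
            candidate = "https:" + candidate
        try:
            parts = urlsplit(candidate)
        except ValueError:                    # malformed host such as "http://["
            return None
        if parts.scheme in ("http", "https") and parts.hostname:
            return parts
        decoded = unquote(value)              # peel one more layer of %-encoding
        if decoded == value:
            return None
        value = decoded
    return None

def find_redirect_targets(url, _visible=None, _depth=0):
    """List (parameter, host) for URLs embedded in the link whose host differs
    from the host a reader sees at the front of the link."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return []
    visible = _visible or parts.hostname or ""
    hits = []
    for field in (parts.query, parts.fragment):
        for name, value in parse_qsl(field, keep_blank_values=True):
            inner = _as_url(value)
            if inner is None:
                continue
            if inner.hostname != visible:     # assumption: exact host match only
                hits.append((name, inner.hostname))
            if _depth < MAX_LAYERS:           # follow redirectors chained inside
                hits.extend(find_redirect_targets(inner.geturl(), visible, _depth + 1))
    return hits

# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://t.trusted.example/click?id=42&url=https%3A%2F%2Flogin.attacker.example%2Fsignin",
    "https://shop.trusted.example/item?next=https%3A%2F%2Fshop.trusted.example%2Fcart",
]
if __name__ == "__main__":
    for link in SAMPLES:
        print(urlsplit(link).hostname, "->", find_redirect_targets(link))
```

A non-empty result means the link's visible domain is not where the click can end up, so the embedded host should be scored on its own reputation rather than inheriting that of the trusted domain.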
This article is owned by Tech Times
Written by Urian B.