A recent surge in phishing campaigns has revealed attackers leveraging cleverly obfuscated URLs and Microsoft 365 password expiry warnings to trick users into surrendering their credentials. Here’s a breakdown of the latest findings:
The phishing emails consistently use subject lines formatted as: “ACTION Required – [Client] Server SecurityID:[random string]”.
The email body prompts recipients to reconfirm their passwords due to expiry, with clickable buttons labeled “Keep [USER EMAIL] Access Active.”
Tactics Employed
– Fake YouTube Links: Attackers embed links starting with seemingly legitimate URLs (e.g., youtube.com), followed by obfuscated characters like %20.
– URI Obfuscation: By including the @ symbol in URLs, attackers redirect users to malicious domains (e.g., globaltouchmassage[.]net), disguising them as trustworthy.
Key Indicators
- URLs with excessive %20 (HTML space encoding)
- The use of an @ symbol
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from CySecurity News – Latest Information Security and Hacking IncidentsRead the original article: