Phishing Attacks with Legitimate URLs

antiphishing tools and phishing protection software
Posted by: Orhan Sari Category: News, phishing, Phishing Statistics Post Date: December 27, 2019

Phishing Attacks with Legitimate URLs

Contact Keepnet for the best antiphishing tools and phishing protection software!

Throughout the years, cybercriminals have become more skilled at escaping the discovery by lurking within benign things and attacking their targets. They essentially utilise of URLs that lead targets to genuine yet compromised websites or have safe-looking redirectors that ultimately redirect targets to a phishing plot. According to the statistics in 2018 Keepnet Phishing Trends Report dataset, 49.32% of phishing messages were opened by the target across all organisations, 33.10 % went on to click the malicious attachment or link, 12,87 % hand over the information.

Contact Keepnet for the best antiphishing tools and phishing protection software.

Microsoft revealed that cybercriminals crafted smart phishing attacks in 2019 by using links to Google search results that were infected so that they “pointed to an attacker-controlled page”, which finally redirected to a phishing web site. A traffic generator ensured that the redirector page was the top result for certain keywords.

Phishing attack that used poisoned search results
Phishing attack that used infected search results

According to Microsoft, using this technique, cyber criminals were able to transmit phishing emails that carried simply genuine URLs (i.e., link to search results), “and a trusted domain at that”, for instance:

  • hxxps://www[.]google[.]ru/#btnI&q=%3Ca%3EhOJoXatrCPy%3C/a%3E
  • hxxps://www[.]google[.]ru/#btnI&q=%3Ca%3EyEg5xg1736iIgQVF%3C/a%3E

The attack was even more clandestine due to its use of “location-specific search results”. When reached by users in Europe, the phishing URL redirected to the website c77684gq[.]beget[.]tech, and ultimately to the phishing page. Outside Europe, the same URL returned no search results.

Contact Keepnet for the best antiphishing tools and phishing protection software!

According to Microsoft, “for this to work, attackers had to make sure that their website, c77684gq[.]beget[.]tech, was the top search result for the keyword “hOJoXatrCPy” when queried from certain regions. The website’s HTML code is composed of a redirector script and a series of anchor elements:”

Redirected-code-phishing-attack
Redirected Code

Microsoft explained that “These anchor elements were designed to be crawled by search engines so that the page is indexed and returned as result for the search keywords that attackers wanted to use for their campaign”.

Anchor tags containing search keywords
Anchor tags containing search keywords

Finally, cybercriminals set up a traffic generator to poison/ infect search results. Because the phishing URL used the open redirector functionality, it redirected to the top search result, therefore the redirector webpage.

Contact Keepnet for the best antiphishing tools and phishing protection software!

Phishing attacks are the source of more than 90% of successful cyberattacks. To keep your organisation secure, your employees must be completely trained in security awareness and change their behaviour to apply best security practices. 

Simply teaching your employees on how to detect phishing emails and deal with them properly can add a powerful layer of security.

Here are tips on how to avoid phishing attacks:          

  • Don’t click on the links in the email coming from unknown sources       
  • Don’t open attachments from someone you don’t know. If you receive an attachment from someone you know, call the sender to verify the legitimacy of the email.
  • If you get suspicious about an email you got, throw it out.   
  • Look out for regular phishing style in emails like “Verify your account.”
  • Hover the over links in emails, check the URL to verify the authenticity and instead of clicking on the link, type in the web address into the browser manually to access the website.
  • If you visit a website with a padlock, click on the padlock to verify the authenticity.
  • Protect your accounts by using multi-factor authentication.
  • Protect your data by backing it up.

Want try Keepnet's multi-layered anti-phishing solutions for free?

Click the button and start your free trial today

Share this post