Beware this new phishing attack that’s after your passwords!


That email link might not send you where you expect.





A classic bit of internet security advice just bit the dust. For ages, email users were told to hover their mouse over a link to see where it led—if you saw the URL of a legitimate website, you were in the clear. But on Tuesday, Microsoft shared details on a kind of phishing attack it’s seeing more frequently: emails with links that begin with a known website’s address but actually redirect to a malicious page.

This ploy relies on a type of link often used by sales and marketing teams to track information about who clicks on a URL in a newsletter or on social media. These are known as open redirect links: the link begins with a primary domain, then includes a string of analytics data and a final destination site.

But as Microsoft describes in a post on its security blog, this phishing strategy uses open redirect links to exploit an average end user’s security training. Because open redirects can start with any primary domain and end with any final destination, these phishing links can start with a legitimate site and then go to a malicious page.

Adding further complexity to this scheme is the use of captchas to lend an air of authenticity. Users who believe they’re on a genuine site will then enter login credentials in the belief they’re accessing a notification, report, or even Zoom meeting, only to encounter a fake error page claiming a session time-out or incorrect password—prompting a second entry of login credentials. After the phishing attempt has successfully captured the user ID and password twice, users get redirected to another genuine website.

You can see specific examples of this attack and a sample list of malicious destination URLs in Microsoft’s blog post, but you don’t need to dig that deep in order to protect yourself. Instead, start using a password manager. It won’t automatically supply your login credentials on a spoofed site. You can also look over the whole URL when you land on a website, but it’s not nearly as foolproof a method as a password manager.
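The link structure described above (a trusted domain first, the real destination carried further along in the URL) can be checked mechanically by a mail filter or a curious reader. The following Python is an added example, not code from this article or from Microsoft's post; the function names, the sample links on reserved example domains, and the shortcut of stripping "www." instead of consulting the Public Suffix List are all assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. a malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def embedded_destinations(link, max_decode=3):
    """Hosts of URLs carried in the link's query values or fragment."""
    parts = urlsplit(link)
    # parse_qsl already percent-decodes each value once.
    values = [v for _, v in parse_qsl(parts.query)] + [parts.fragment]
    hosts = []
    for value in values:
        for _ in range(max_decode):      # destination may be encoded more than once
            host = _host(value.strip())
            if host:
                hosts.append(host)
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return hosts

def off_site_destinations(link):
    """Embedded destinations that are not the link's own host or a subdomain of it."""
    outer = _host(link)
    if outer is None:
        return []
    # Simplification (assumption): strip "www." rather than use the Public Suffix List.
    base = outer[4:] if outer.startswith("www.") else outer
    return [h for h in embedded_destinations(link) if h != base and not h.endswith("." + base)]

# Constructed sample links on reserved example domains.
SAMPLE_LINKS = [
    "https://www.example.com/track?campaign=news-42&uid=7731&url=https%3A%2F%2Flogin.example.net%2Fsignin",
    "https://www.example.com/track?campaign=news-42&url=https%3A%2F%2Fshop.example.com%2Fsale",
    "https://t.example.org/r?id=9&dest=https%253A%252F%252Fportal.example.net%252Fview",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(off_site_destinations(link) or "no off-site destination", "<-", link)
```

A non-empty result only means the visible domain is not where the click ends up; legitimate tracking links produce the same signal, so it is a reason to inspect the destination, not proof of phishing.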
