The Microsoft Security Intelligence Twitter account is at it again with another PSA (public service announcement) about a phishing campaign that undermines link-clicking safety for everyday web users. If you receive an email containing one of these sketchy links, you may not recognize the problem until it’s too late.
A phishing campaign is an email fraud meant to collect victims’ personal information. Cybercriminals use phishing to steal sensitive data such as credit card numbers and login passwords by impersonating a legitimate firm or person in an email conversation.
Here’s the issue: these open redirector links are crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they lead. These links are prepared for exactly that type of user: the link displays a safe-looking destination designed to lull targets into a false sense of security. Click it and you are redirected to a domain that appears legitimate (a Microsoft 365 login page, for example), setting the stage for you to voluntarily hand your credentials to bad actors without realizing it until it’s too late.
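The hover trick works because the host shown in the status bar is the trusted redirector, while the real destination rides inside a query parameter. An email gateway or link-scanning tool can surface that mismatch before anyone clicks. The following is an added example, not code from Microsoft or from the blog post; the hostnames, parameter names and links are constructed for illustration and do not refer to any real campaign. It parses each link, looks for query-parameter values that are themselves absolute (or scheme-relative) URLs, and flags any whose host differs from the host the user would see on hover.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample links (hypothetical hosts, not real campaign URLs).
SAMPLE_LINKS = [
    # Displayed host is trusted, but ?url= carries an external login page.
    "https://trusted.example.com/redirect?url=https%3A%2F%2Flogin.attacker.example%2Fo365",
    # Ordinary link with no redirect target at all.
    "https://trusted.example.com/docs/page?id=42",
    # Relative redirect: stays on the displayed host, so not flagged.
    "https://trusted.example.com/go?next=%2Faccount%2Fsettings",
    # Scheme-relative (//host) target, which browsers treat as absolute.
    "https://trusted.example.com/out?target=//evil.example/path",
]


def embedded_redirect_targets(link):
    """Return (param_name, absolute_url) pairs for every query value that is an absolute URL.

    parse_qs already percent-decodes values, so an encoded https%3A%2F%2F... becomes https://...
    Scheme-relative values (//host/path) are normalised to the outer link's scheme, because a
    browser following the redirect would resolve them that way.
    """
    outer = urlparse(link)
    targets = []
    for name, values in parse_qs(outer.query, keep_blank_values=True).items():
        for value in values:
            candidate = value
            if candidate.startswith("//"):
                candidate = f"{outer.scheme}:{candidate}"
            inner = urlparse(candidate)
            if inner.scheme in ("http", "https") and inner.netloc:
                targets.append((name, candidate))
    return targets


def classify_link(link):
    """Compare the host a user sees on hover with the host the link would actually land on.

    Returns a dict with displayed_host, effective_host, suspicious (bool) and a short reason.
    Only the first embedded target is used as the effective destination; that is the one a
    typical redirector honours.
    """
    displayed_host = (urlparse(link).hostname or "").lower()
    targets = embedded_redirect_targets(link)
    if not targets:
        return {"displayed_host": displayed_host, "effective_host": displayed_host,
                "suspicious": False, "reason": "no embedded redirect target"}
    param, target = targets[0]
    effective_host = (urlparse(target).hostname or "").lower()
    suspicious = effective_host != displayed_host
    reason = (f"query param '{param}' redirects off-host to {effective_host}"
              if suspicious else f"query param '{param}' stays on {displayed_host}")
    return {"displayed_host": displayed_host, "effective_host": effective_host,
            "suspicious": suspicious, "reason": reason}


def flag_suspicious(links):
    """Return (link, effective_host) for every link whose hover host and landing host differ."""
    return [(link, info["effective_host"])
            for link in links
            for info in [classify_link(link)]
            if info["suspicious"]]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        info = classify_link(link)
        verdict = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{verdict:10} hover={info['displayed_host']:22} lands={info['effective_host']:22} {info['reason']}")
```

Run stand-alone, the script flags the first and fourth constructed links and passes the other two. Treat this as one signal rather than a verdict: a redirector can also be fed a double-encoded or shortened target, which this check will not decode, so pair it with resolving the final destination in a sandbox or with a reputation lookup on the effective host.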
This phishing campaign goes further than crafty URLs, though. It also employs Google reCAPTCHA services to keep threat analysis systems at bay, stopping site scanners from protecting you once you’re on the malicious domain.
All in all, it’s crafty stuff, and Microsoft admits as much on Twitter. It also has a dedicated blog post that details the scheme in greater depth, though the post’s protection advice section is light on actionable guidance. Still, there’s a lot of detailed data in there that could offer those with an advanced understanding of phishing attack procedures some worthwhile information.