Attackers abuse URL protection services to hide phishing links in emails
- by nlqip
When users then click on the rewritten link, the server runs a check to see if the link points to a known phishing or malware website and based on the result, either blocks access to it or redirects the request to the final destination. The benefit is that if a website is flagged as malicious at a later time, all rewritten links pointing to it will stop working, delivering protection to all users.
However, the success of this approach in practice is debatable, and it has downsides too. First, it breaks cryptographic email signatures, because the secure email gateway modifies the original email when it changes the link. Second, the rewritten links obfuscate the real destinations, which in some cases would be obviously suspicious just by looking at them.
For example, Microsoft offers this feature to Office 365 users under the name Safe Links: links in incoming emails and in messages in apps like Outlook and Teams are rewritten to na01.safelinks.protection.outlook.com/?url=[original_URL]. Security companies have criticized the feature in the past for not actually performing dynamic scans, and for being easy to bypass either with traffic redirection based on IP (Microsoft's IP addresses are publicly known) or with open redirect URLs from legitimate and trusted domains.
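Because the rewritten form hides the real destination, a triage step can unwrap it before a link is reviewed. The following is an added example, not code from the article or from Microsoft: it assumes the destination is carried in the `url` query parameter as in the format quoted above, and the `example.test` hosts and the `extra` parameter are constructed sample values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Host suffix taken from the rewritten-link format quoted in the article.
# Assumption: the destination is always carried in the "url" parameter.
REWRITER_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 5  # a link may be wrapped more than once; cap the unwrapping

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def unwrap(link: str) -> list[str]:
    """Return the chain [rewritten link, ..., real destination]."""
    chain = [link]
    for _ in range(MAX_DEPTH):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        # The leading dot in the suffix rejects look-alike hosts such as
        # safelinks.protection.outlook.com.example.test
        if not host.endswith(REWRITER_SUFFIX):
            break
        inner = parse_qs(parts.query).get("url", [])
        # Missing, duplicated or non-web destinations stay wrapped for review.
        if len(inner) != 1 or urlsplit(inner[0]).scheme not in ("http", "https"):
            break
        chain.append(inner[0])
    return chain


def destinations(body: str) -> dict[str, str]:
    """Map each link in a message body to the host it really leads to."""
    result = {}
    for raw in URL_RE.findall(body):
        link = raw.rstrip(".,;)")  # drop trailing sentence punctuation
        final = unwrap(link)[-1]
        result[link] = (urlsplit(final).hostname or "").lower()
    return result


# Constructed sample message body (not taken from a real email).
SAMPLE_BODY = (
    "Review the invoice: https://na01.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Flogin.example.test%2Finvoice%3Fid%3D7&extra=1\n"
    "Docs: https://docs.example.test/guide."
)

if __name__ == "__main__":
    for shown, host in destinations(SAMPLE_BODY).items():
        print(f"{host:25} <- {shown}")
```

The unwrapped host is what should be shown to the analyst or matched against blocklists; the wrapper host alone says nothing about where the link leads.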