You have to hand it to those hackers: they’re always innovating. This week comes news of two new phishing exploits designed to do one thing: convince you it’s NOT a phishing email.

First, from Threat Post, comes a clever exploit that uses YouTube redirect links, which are whitelisted by many security defense mechanisms, to evade detection. From the article, “If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page. URL redirects have been used in previous campaigns, including malicious redirect code affecting Joomla and WordPress websites and HTML redirectors being used by Evil Corp. Now, a new campaign is using legitimate YouTube redirect links.”

Since most organizations allow employees to use platforms like YouTube, the links are, by necessity, whitelisted. Really, redirect links from any well-known website that is likely to be whitelisted will do. And while this most recent exploit uses YouTube, any highly used business platform (e.g., LinkedIn) will theoretically work.

This exploit is doubly hard for users to detect because the malicious, embedded link actually contains the well-known URL within it. Few users would suspect a link that looked like this:

https://www.youtube.com/redirect?v=maliciouswebsite.com
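As an added example (not from the article or from DuoCircle), the check below shows why an allowlist that judges only the link's host passes this URL, and how a filter can instead judge the destination carried in the redirect parameters. The allowlist, the table of redirector endpoints and the sample URLs are constructed for illustration.

```python
"""Allowlist decisions that look through a redirector instead of trusting its host."""
from urllib.parse import urlparse, parse_qs

# Constructed allowlist of hosts a mail filter might trust outright.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "www.linkedin.com"}

# Constructed table of (host, path) pairs known to redirect to a target given in
# the query string. Any query value that parses as a host is treated as the target.
REDIRECTOR_ENDPOINTS = {
    ("www.youtube.com", "/redirect"),
    ("youtube.com", "/redirect"),
}


def host_only_allowed(url):
    """Weak check: trusts the link because its host is allowlisted."""
    return (urlparse(url).hostname or "").lower() in ALLOWED_HOSTS


def _host_in_value(value):
    """Return the host named by a query value (full URL or bare domain), else None."""
    candidate = value if "://" in value else "http://" + value
    host = urlparse(candidate).hostname
    # A video id such as "abc123XYZ" has no dot and therefore names no destination.
    return host.lower() if host and "." in host else None


def final_destination(url):
    """Host the user actually lands on: the redirect target for a known redirector,
    otherwise the host of the URL itself."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if (host, parsed.path) in REDIRECTOR_ENDPOINTS:
        for values in parse_qs(parsed.query).values():
            for value in values:
                target = _host_in_value(value)
                if target:
                    return target
    return host


def destination_allowed(url):
    """Hardened check: the allowlist applies to the final destination, not the redirector."""
    return final_destination(url) in ALLOWED_HOSTS


if __name__ == "__main__":
    for u in ("https://www.youtube.com/redirect?v=maliciouswebsite.com",
              "https://www.youtube.com/watch?v=abc123XYZ"):
        print(u, "host-only:", host_only_allowed(u), "destination:", destination_allowed(u))
```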

The second exploit involves a new kind of email attachment called a phaxattachment. From Security Boulevard, “When recipients click on the attachment they are actually clicking on a URL that takes them to a fake website where they are prompted to give up their credentials. Phaxattachments look so much like the real thing that it’s difficult for the average end user to distinguish between a real attachment and a fake one.”

Interestingly, the article goes on to say “the only way to effectively combat this threat is to rely more on algorithms that have been trained to look for phaxattachments. End user training is not likely to prove very effective at identifying phaxattachments.” That’s probably true about most phishing emails today. After all, most phishing emails today are excellent at convincing even the most highly trained user that they’re not phishing emails.

If you want to protect your end users from clever phishing tactics like redirects and phaxattachments, you’re going to need the help of technology, like Phishing Protection from DuoCircle.

Phishing Protection from DuoCircle is a cloud-based, real-time email scanning software that doesn’t fall for redirects or phaxattachments. Instead, it virtually “clicks” on links embedded in emails and attachments and follows those links all the way to the destination. And if the destination website is determined to be malicious, users are prevented from visiting it. In other words, Phishing Protection does NOT get fooled by social engineering.

Since it’s cloud-based, Phishing Protection requires no hardware, no software and no maintenance. It works with all major email services, sets up in 10 minutes and only costs pennies per user per month.

These won’t be the last advanced phishing tactics that will threaten your organization, but they can be the last ones you have to worry about. Try Phishing Protection risk free for 30 days.
