Cybersecurity researchers have discovered a recent phishing attempt that employs shortened URLs made by WhatsApp and Google Drawings to evade detection and trick victims into clicking on bogus links meant to steal personal information.
Researchers studying cybersecurity have uncovered a brand-new phishing effort that uses Google Drawings and shortened URLs created by WhatsApp to avoid detection and fool people into clicking on false links intended to steal personal data.
“The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements and an Amazon lookalike to harvest the victim’s information,” said Ashwin Vamshi, a researcher at Menlo Security. “This attack is a great example of a Living Off Trusted Sites (LoTS) threat.”
The assault begins with a phishing email that sends recipients to a picture that looks to be a link for verifying their Amazon account. For its part, this image is hosted on Google Drawings, seemingly in an attempt to avoid being discovered.
Attackers might profit greatly from abusing lawful services because, in addition to being an inexpensive option, they provide a covert means of communication within networks because security solutions and firewalls are unlikely to prohibit them.
“Another thing that makes Google Drawings appealing at the beginning of the attack is that it allows users (in this case, the attacker) to include links in their graphics,” Vamshi stated.
When users click the verification link, they are directed to a page that looks a lot like the Amazon login page. This is because the URL was created using two separate URL shorteners: WhatsApp (“l.wl[.]co”) and qrco[.]de”), which were used in order to add another layer of obfuscation and trick security URL scanners.
The purpose of the phony page is to obtain credit card numbers, credentials, and personal information. The victims are then taken to the authentic phished Amazon login page. As an additional precaution, after the credentials are verified, the web page is made unreachable from the same IP address.
Researchers have found a way to go beyond Microsoft 365’s anti-phishing safeguards and raise the likelihood that users will click on phishing emails. This is why the revelation has been made.
The technique involves hiding the “First Contact Safety Tip,” which notifies users when they receive emails from unknown addresses, using CSS trickery. Despite acknowledging the problem, Microsoft has not yet released a fix.
“As the First Contact Safety Tip is prepended to the body of an HTML email, you can use CSS style tags to change how it appears,” stated Certitude, an Austrian cybersecurity company. “We can take this a step further and spoof the icons Microsoft Outlook adds to emails that are encrypted and/or signed.”
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
