Hackers found abusing URL protection tools to hide phishing links
And no one knows exactly how they're doing it
Cybersecurity researchers have recently spotted hackers abusing URL protection tools to deliver phishing links to unsuspecting victims, with “hundreds of companies, if not more”, targeted.
When a person receives an email with a link, the URL protection tool copies the original URL and embeds it within a new, rewritten link. When the recipient clicks that rewritten link, it triggers a security scan. In this new campaign, which most likely started in mid-May 2024, the rewritten link navigated the recipients to a phishing site.
Barracuda’s researchers don’t seem to know exactly how the hackers managed to trick the URL protection tool, but suspect it is a result of a successful business email compromise (BEC) attack. They believe the attackers first gained access to the email inbox, analyzed the security tool installed, and then sent themselves an email with the phishing link.
Difficult to detect
Because the URL protection tool rewrites the phishing URL, the attackers can then use the rewritten link to hide the malicious one inside. These links were sent from domains such as wanbf[.]com and clarelocke[.]com, and were designed to look like DocuSign and password reset reminders.
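For defenders triaging inbound mail, the sketch below (an added example, not code from Barracuda or from this article) unwraps rewritten links to expose the embedded destination and flags links that arrive already wrapped by a service other than the recipient's own. The wrapper hosts, query parameter names, trusted domain and sample URLs are all constructed assumptions; real URL protection products use their own formats.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Hypothetical wrapper formats (constructed): host suffix -> query parameter
# that carries the original URL. Replace with the formats your vendors document.
WRAPPERS = {"urlprotect.example": "u", "linkscan.example": "target"}
OWN_WRAPPER = "urlprotect.example"  # assumption: the recipient organisation's own service

# Constructed samples: a third-party-wrapped link, and the same link wrapped again.
SAMPLE = "https://linkscan.example/v2?target=https%3A%2F%2Flogin.phish.example%2Freset&sig=abc"
NESTED = "https://eu.urlprotect.example/?u=" + quote(SAMPLE, safe="")

def wrapper_for(host):
    """Return (service, param) if host belongs to a known wrapper, else None."""
    host = (host or "").lower().rstrip(".")
    for suffix, param in WRAPPERS.items():
        if host == suffix or host.endswith("." + suffix):
            return suffix, param
    return None

def unwrap(url, max_depth=5):
    """Peel wrapper layers; return (innermost_url, [services passed through])."""
    chain = []
    for _ in range(max_depth):
        parts = urlsplit(url)
        hit = wrapper_for(parts.hostname)
        inner = parse_qs(parts.query).get(hit[1]) if hit else None
        if not inner:
            break
        chain.append(hit[0])
        url = inner[0]  # parse_qs has already percent-decoded one layer
    return url, chain

def triage(url, trusted_domains):
    """Flag links whose real destination is hidden behind a wrapper."""
    final, chain = unwrap(url)
    host = (urlsplit(final).hostname or "").lower()
    reasons = []
    if any(service != OWN_WRAPPER for service in chain):
        reasons.append("pre-wrapped by a third-party URL protection service")
    if wrapper_for(host):
        reasons.append("wrapper nesting exceeds depth limit or has no embedded URL")
    elif chain and not any(host == d or host.endswith("." + d) for d in trusted_domains):
        reasons.append("embedded destination is not a trusted domain")
    return {"final": final, "chain": chain, "reasons": reasons}

if __name__ == "__main__":
    for link in (SAMPLE, NESTED, "https://urlprotect.example/?u=https%3A%2F%2Fportal.corp.example%2F"):
        print(triage(link, {"corp.example"}))
```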
“Traditional email security tools may find it difficult to detect these attacks,” the researchers said in their write-up. “The most effective defense is a multilayered approach, with various levels of security that can detect and block unusual or unexpected activity, however complex. Solutions that include machine-learning capabilities, both at the gateway level and post-delivery, will ensure companies are well protected.”
Barracuda also said that no matter how advanced email protection tools are, businesses should always consider educating their employees on the latest email-borne threats, and how to spot and report them. Humans are the first, and best, line of defense, since software and automated tools, no matter how advanced, will always have workarounds.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.