From bleepingcomputer.com
A new phishing campaign uses Google search query redirects to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials via encoded URLs.
The phishers behind these attacks use URL Encoding (also known as Percent Encoding), a technique that makes it possible to convert ASCII characters in URLs with % signs followed by two hexadecimal digits.
This allows the threat actors to hide the phishing page URL from secure email gateways (SEGs) that scan emails for malicious links and content to block potentially dangerous messages.