Phishing campaign alters prefix in hyperlinks to bypass email defenses


Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks.

In other words, rather than a URL beginning with “http://” it instead starts with “http:/\”. Yet the rest of the URL remains the same. “The URLs don’t fit the ‘known bad’ profiles developed by simple email scanning programs, allowing them to slip through undetected,” explains a blog post today from the GreatHorn Threat Intelligence Team.

Read more…