Encircle News!

Retro Game Arcade
, , ,

Hackers found abusing URL protection tools to hide phishing links

TechRadar – All the latest technology news

Cybersecurity researchers have recently spotted hackers abusing URL protection tools to deliver phishing links to unsuspecting victims, with “hundreds of companies, if not more”, targeted.

When a person receives an email with a link, the tool will copy and rewrite it, and then embed it within a new, rewritten one. So, once the recipient clicks on that link, it triggers a security scan. In this new campaign, which most likely started in mid-May 2024, the rewritten link navigated the recipients to a phishing site.

Barracuda’s researchers don’t seem to know exactly how the hackers managed to trick the URL protection tool, but suspect it is a result of a successful business email compromise (BEC) attack. They believe the attackers first gained access to the email inbox, analyzed the security tool installed, and then sent themselves an email with the phishing link.

Difficult to detect

Since the URL protection tool will rewrite the phishing URL, they can then use that link to hide the malicious one inside. These links were sent from domains such as wanbf[.]com and clarelocke[.]com, and were designed to look like DocuSign and password reset reminders. 

“Traditional email security tools may find it difficult to detect these attacks,” the researchers said in their write-up. “The most effective defense is a multilayered approach, with various levels of security that can detect and block unusual or unexpected activity, however complex. Solutions that include machine-learning capabilities, both at the gateway level and post-delivery, will ensure companies are well protected.”

Barracuda also said that no matter how advanced email protection tools are, businesses should always consider educating their employees on the latest email-borne threats, and how to spot and report them. Humans are the first, and best, line of defense, since software and automated tools, no matter how advanced, will always have workarounds.

More from TechRadar Pro

https://www.techradar.com/pro/security/hackers-found-abusing-url-protection-tools-to-hide-phishing-links

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

July 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo This Week in Tech (Audio)

Galaxy Z Fold 6 launches for $1,899 with wider displays FTC bans anonymous messaging app NGL from hosting children AT&T says criminals stole phone records of 'nearly all' customers in new data breach EU accuses Elon Musk's X of deceptive practices over blue 'checkmark' After 41 years Microsoft quietly adds spellchecking and autocorrect to Windows Notepad AI PCs: Qualcomm (QCOM), Microsoft (MSFT) Turn to AI to Revive PC Market Goldman Sachs: AI Is Overhyped, Wildly Expensive, and Unreliable U.S. says Russian bot farm used AI to impersonate Americans Disinfo spreaders set their sights on Paris Olympics My 28,000-follower Twitter account was hacked—and it changed my life for the better Is anyone concerned that Palmer Luckey's new compay Anduril (aka Aragorn's sword from LOTR) is making military products and has a mission statement straight out of Robocop? Apple now makes it easier to switch from Google Photos to iCloud Photos FTC Fires A Warning Shot At Eight Companies Over 'Right To Repair' Violations Host: Leo Laporte Guests: Mike Elgan, Denise Howell, and Harry McCracken Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: e-e.com/twit motific.ai bitwarden.com/twit ziprecruiter.com/twit
  1. TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo
  2. TWiT 987: Often Plagiarized, Never Equalled – Sapce Junk, Threads Hits 175M Users, AIndependence
  3. TWiT 986: Our Dope GPS! – Supreme Court Decisions, Snapdragon X Elite Tests
  4. TWiT 985: TikTok With Wings – AT&T Landlines, US Bans Kaspersky and DJI
  5. TWiT 984: Fifty-three Clicks – Bot Farms in Ukraine, LA Public Health Dept. Phished