A classic bit of internet security advice just bit the dust. For ages, email users were told to hover their mouse over a link to see where it led—if you saw the URL of a legitimate website, you were in the clear. But on Tuesday, Microsoft shared details on a new kind of phishing attack: Email with links that contain a known website at the start, but actually redirect to a malicious page.
This ploy relies on a type of link often used by sales and marketing teams to track information about who clicks on a URL in a newsletter or on social media. Known as open redirect links, the structure of the link begins with a primary domain, then includes a string of analytics data and a final destination site.
from PCWorld https://ift.tt/3Bvntzj
Post a Comment