Researchers at Perception Point recently flagged an email that was able to pass through spam filters using a specially crafted URL, even though the intent of the email was to steal a victim’s Microsoft credentials. The threat actor was taking advantage of how email filters and browsers read the “@” character differently when analyzing a URL or email. Most email filters will ignore text before and after an “@” symbol, as it is commonly used within email for legitimate reasons. In contrast, when reading an “@” symbol in a URL, browsers will assume that anything before the symbol is credentials, and anything after it is the website being accessed. For example, http(s)://username[:]password[@]example.com would attempt to use a username and password to access example.com, and if no credentials were needed, the website itself would be accessed. By using a URL that was made up of a random string of characters followed by an “@” symbol and then the phishing page, the threat actor was able to bypass email filtering and trick victims into going to a spoofed webpage that stole their credentials.
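As an added example (not from Perception Point or Binary Defense), the following Python check parses each link in a message the way a browser does and flags any URL whose authority contains a userinfo part, reporting the host the browser would actually contact. The sample message and its hosts are constructed, and `find_userinfo_urls` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit

# Candidate http(s) URLs in message text; stops at whitespace and common delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def find_userinfo_urls(text):
    """Return one finding per URL whose authority contains a userinfo part."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop trailing sentence punctuation
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed authority (e.g. bad IPv6 literal); skip
        # urlsplit only sets username when "@" is inside the authority,
        # so an "@" in the path or query string is not flagged.
        if parts.username is None:
            continue
        findings.append({
            "url": url,
            "userinfo": parts.netloc.rpartition("@")[0],
            "real_host": parts.hostname,  # what the browser connects to
        })
    return findings

# Constructed sample message body (hosts are placeholders, not from the report).
SAMPLE_BODY = """\
Your mailbox is almost full. Sign in to keep your mail:
https://x7Gq2LmZp0aVt@login.phish.example/owa/
Questions? Write to helpdesk@corp.example or see
https://social.example/@helpdesk and https://corp.example/help?contact=it@corp.example
"""

if __name__ == "__main__":
    for f in find_userinfo_urls(SAMPLE_BODY):
        print(f"{f['url']} -> browser connects to {f['real_host']}")
```

Only the first link in the sample is reported; the plain email address and the links with “@” in the path or query are left alone, which keeps the check usable on ordinary mail.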