Attackers are using YouTube redirect links, which are whitelisted by various security defense mechanisms, to evade detection and send victims to a phishing page.
Fremont, CA: Researchers are warning of a rise in phishing emails that use YouTube redirect links to help attackers skirt traditional defense measures. If web browser phishing filters block a specific malicious URL, attackers generally use a URL redirect to bypass these filters and send the victim to their phishing landing page. URL redirects have been used in previous campaigns, including malicious redirect code affecting WordPress and Joomla websites and HTML redirectors used by Evil Corp. Now, a new campaign is using legitimate YouTube redirect links.
Most organizations allow the use of platforms like YouTube, LinkedIn, and Facebook, and because these domains are allowed, potentially malicious redirects through them open without any problem. According to the researchers, the emails using this method originated from a fraudulent domain, sharepointonline-po.com, which was recently registered. The attackers purported to be from SharePoint, which integrates with Microsoft Office. The email stated that a new file had been uploaded to the target company's SharePoint site and included an option to “View File.”
Even though the email would look illegitimate to a trained user, a curious and unsuspecting end user might click the button out of an urge to view the illegitimate file. When the user clicks the URL, they are sent to YouTube and then immediately redirected to another link.
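The redirect chain described above can be caught by judging a link on where it leads rather than on its first hop. The following Python is an added example, not code from the researchers or the original article; the allowlist, the function names, and the sample links (including the redirect path and parameter name) are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: domains the organization allows outright.
ALLOWED = {"youtube.com", "linkedin.com", "facebook.com"}

def base_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_urls(url, depth=3):
    """Yield absolute URLs carried in query parameters, including nested ones."""
    if depth == 0:
        return
    for _name, value in parse_qsl(urlsplit(url).query):
        candidate = value
        for _ in range(3):  # peel extra layers of percent-encoding
            if candidate.lower().startswith(("http://", "https://", "//")):
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
        parts = urlsplit(candidate)
        if parts.scheme in ("http", "https", "") and parts.hostname:
            yield candidate
            yield from embedded_urls(candidate, depth - 1)

def classify_link(url):
    """Judge a link by its redirect destination, not only its first hop."""
    if base_domain(urlsplit(url).hostname or "") not in ALLOWED:
        return ("evaluate-normally", url)
    for target in embedded_urls(url):
        if base_domain(urlsplit(target).hostname) not in ALLOWED:
            return ("allowlisted-redirect-to-external", target)
    return ("allowlisted", url)

# Constructed sample links; the check does not depend on the path or
# parameter name, only on a parameter value that is itself a URL.
SAMPLE_LINKS = [
    "https://www.youtube.com/watch?v=constructed123",
    "https://www.youtube.com/redirect?q=https%3A%2F%2Flogin.phish-landing.example%2Fview",
    "https://www.youtube.com/redirect?q=https%253A%252F%252Flogin.phish-landing.example%252Fview",
    "https://intranet.corp.example/docs",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link))
```

A link flagged as allowlisted-redirect-to-external should be scored on the extracted destination (reputation, domain age) instead of inheriting the trust of the first-hop domain.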
So far, all the phishing links from this campaign use some variation, followed by a variation of three letters with a top-level domain. Each of these fraudulent domains is registered with Namecheap and used for the campaign, which points to possible bot automation.
Attackers are always raising the bar when it comes to phishing attacks, advancing by leaps and bounds. Recently, they have been spotted tapping into the panic around coronavirus with spear-phishing emails. Attackers are also using anything from tax and real estate decoys to HIV tests to manipulate victims and persuade them to hand over their credentials.