A new type of phishing method exploits the gap in how browsers and email inboxes scan web domains. Researchers have discovered a previously unknown mechanism for infiltrating email inboxes with malicious links.
According to research by Perception Point, the smart approach takes advantage of a critical difference in how email inboxes and browsers parse URLs. The attacker used a “@” symbol in the middle of an unusual URL. Ordinary email security filters mistook it for a remark, but browsers recognized it as a valid web address.
The phishing emails managed to get past security, but when recipients clicked on the link inside, they were taken to a false landing page.
This article first appeared in ITSecurityWire by ITsec Bureau on May 13, 2022.