A new type of phishing method exploits the gap in how browsers and email inboxes scan web domains. Researchers have discovered a previously unknown mechanism for infiltrating email inboxes with malicious links.

According to research by Perception Point, the smart approach takes advantage of a critical difference in how email inboxes and browsers parse URLs. The attacker used a “@” symbol in the middle of an unusual URL. Ordinary email security filters mistook it for a remark, but browsers recognized it as a valid web address.

The phishing emails managed to get past security, but when recipients clicked on the link inside, they were taken to a false landing page.

Read More: https://threatpost.com/novel-phishing-trick-uses-weird-links-to-bypass-spam-filters/179587/

This article first appeared in ITSecurityWire by ITsec Bureau on May 13, 2022.