Cybercriminals Exploit Link Wrapping to Launch Stealthy Phishing Attacks and Steal Sensitive User Information

Cybercriminals are exploiting trusted tools like "link wrapping" in new phishing attacks to steal login credentials and bypass security filters.

Cybersecurity experts have uncovered a new type of phishing attack that uses trusted tools to trick people into clicking on malicious links. The attackers misuse a feature called link wrapping, which is designed to keep users safe. Normally, some companies, such as Proofpoint and Intermedia, attempt to safeguard users by scanning links in emails before they are clicked. This process, known as link wrapping, is intended to block harmful websites.

Hackers take advantage of this by gaining control over email accounts that already use link wrapping. When these accounts send emails, the links within them are automatically wrapped and appear secure. This makes it easier for malicious links to get through security filters.

Attackers also use multiple layers of redirection to hide the actual destination of their links. First, they shorten the URL. Then they send it through a Proofpoint-secured account. This double-wrapping makes it difficult for security tools and users to detect the threat.

Most of these phishing emails look like legitimate work notifications, such as voicemail alerts, Microsoft Teams messages, or Zoom meeting invitations. When people click on these links, they are taken to fake Microsoft 365 or Teams pages, where their login information is stolen. Victims were duped into believing their Zoom meeting had "timed out." They were redirected to a phishing page that requested their login credentials, which were then stolen and sent to hackers via Telegram. 

Cloudflare also discovered an alarming trend: some attackers are using SVG (Scalable Vector Graphics) files in emails. These files appear to be harmless, but they may contain JavaScript or malicious code. Unlike common image formats such as JPEG or PNG, SVGs can be used to deceive systems and users more easily.

This shows how cybercriminals are constantly finding clever ways to misuse trusted tools. Users and organizations need to stay alert and double-check links before clicking, even if they look safe.

This article is based on information from The Hacker News.