New Phishing Campaign Uses Altered URL Prefixes

Security researchers from GreatHorn have discovered a new phishing campaign in which cybercriminals are bypassing traditional URL protection methods. While many phishing scams involve changing letters in the URLs of popular websites to trick users into visiting fake landing pages, this campaign modifies the characters used in the prefix that comes before the URL itself.

The URLs used in this campaign are incorrectly formatted and do not use the standard URL protocols such as http:// or https://. Instead, they use http:/\ in the URL prefix. Since a colon and two forward slashes have always been used in the standard URL format, most browsers automatically ignore this irregularity.

As a result, cybercriminals are able to bypass many email scanners and reach their intended targets.

Significant Increase in Attacks

According to experts, the first attacks using the altered prefix method were recorded in October of last year. From early January to February 2021, the volume of phishing email attacks using distorted URL prefixes increased by 5,933%.

Although these phishing attempts have been detected in organizations across various industries, financial, pharmaceutical, and construction companies are targeted more often than others. Additionally, organizations using Microsoft Office 365 have become targets much more frequently than those using Google Workspace as their cloud email environment.