Cybercriminals are exploiting legitimate URL protection services to disguise phishing links, as revealed by Barracuda researchers. These attackers use URL protection services to mask their phishing URLs, redirecting victims to malicious sites designed to steal credentials. By leveraging these services, which are meant to protect users from malicious sites, the attackers are able to bypass email security measures and target numerous companies.
The exploitation occurs when attackers gain access to URL protection accounts, allowing them to rewrite phishing URLs to appear legitimate. This tactic, known as conversation hijacking, involves compromising accounts to send phishing emails with concealed malicious links. This method effectively turns the protection service against itself, making it harder for traditional security tools to detect the threat.
The researchers highlighted that many email security tools might not detect these sophisticated attacks, which could lead users to mistakenly trust malicious links. Attackers may also use outbound emails to themselves, including the phishing link within the message to exploit the URL protection service. This approach provides a layer of disguise that undermines the effectiveness of URL protection mechanisms.
In addition to exploiting URL protection, the study notes the rising use of “quishing” attacks, which use QR codes to direct victims to malicious sites. This tactic increases the chances of bypassing organizational security measures by targeting personal devices. The findings underscore the need for enhanced security awareness and tools to address these evolving phishing techniques.