Unusual new phishing technique

braumeister

Just saw this and thought a general warning would be in order. I think most of us are used to hovering over a URL to check where it actually goes, but this trick can bypass that safeguard in a couple of ways.

This phishing attack is using a sneaky trick to steal your passwords, warns Microsoft

Hovering over a link in an email isn't going to be enough to check if it's going to take you to a dangerous site.

ZDNet article
 
So what does one do to combat and be safe? Google says "not our problem - the hover to check isn't useful security anyway". Didn't notice an answer in the article.
Just be afraid, be very afraid? I've been counting on things looking bogus, not actual seriously plausible sneak attacks. My stomach hurts.
 
So what does one do to combat and be safe? Google says "not our problem - the hover to check isn't useful security anyway". Didn't notice an answer in the article.
Just be afraid, be very afraid? I've been counting on things looking bogus, not actual seriously plausible sneak attacks. My stomach hurts.

I think the pop-up warning is the key.

This particular attack relies on the email sales and marketing tool called 'open redirects', which has been abused in the past to redirect a visitor from a trustworthy destination to a malicious site. Google doesn't rate open redirects for Google URLs as a security vulnerability, but it does display a 'redirect notice' in the browser.
 

Attachments: Screen Shot 2021-08-31 at 1.22.32 PM.png
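One way to see through the trick described in that quote, as an added example (code written for this thread, not from the ZDNet article, Microsoft or Google): take the URL shown on hover, unwrap any redirect-style query parameters offline, and report the host the link would finally land on. The parameter names and the example domains are assumptions, not a complete list of what real redirect endpoints use.

```python
"""Unwrap open-redirect style links to find where a hovered URL really lands.

Constructed example for illustration. REDIRECT_PARAMS is an assumed list of
parameter names that redirect endpoints commonly use; extend it as needed.
No network access is made: only the URL text is inspected.
"""
from urllib.parse import urlparse, parse_qs

# Assumed names of query parameters that carry a redirect target.
REDIRECT_PARAMS = ("url", "redirect", "redirect_uri", "next", "q", "u", "dest", "target")


def _embedded_target(url):
    """Return an absolute URL carried in a redirect-style parameter, or None."""
    query = parse_qs(urlparse(url).query)  # parse_qs percent-decodes the values
    for name in REDIRECT_PARAMS:
        for candidate in query.get(name, []):
            parsed = urlparse(candidate)
            if parsed.scheme in ("http", "https") and parsed.netloc:
                return candidate
            if parsed.scheme == "" and parsed.netloc:
                # Scheme-relative form such as //other.example/path
                return "https:" + candidate
    return None  # relative paths stay on the visible host


def resolve_hover(url, max_hops=5):
    """Follow embedded redirect targets and compare the visible and final hosts.

    Returns a dict with the host the user sees on hover, the host the link
    ends up on, the chain of URLs traversed, and whether the two hosts differ.
    """
    chain = [url]
    current = url
    for _ in range(max_hops):  # bounded so nested links cannot loop forever
        nxt = _embedded_target(current)
        if nxt is None:
            break
        chain.append(nxt)
        current = nxt
    visible = urlparse(url).netloc.lower()
    final = urlparse(current).netloc.lower()
    return {"visible_host": visible, "final_host": final,
            "chain": chain, "mismatch": visible != final}


if __name__ == "__main__":
    # Constructed sample links; the domains are placeholders.
    for link in ("https://trusted.example/redirect?url=https%3A%2F%2Fevil.example%2Flogin",
                 "https://trusted.example/redirect?url=%2Fsettings"):
        report = resolve_hover(link)
        print(report["visible_host"], "->", report["final_host"], "mismatch:", report["mismatch"])
```

The visible host is what a hover shows; a mismatch is the case the article warns about, where a link on a trusted domain quietly hands the visitor to another site.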
So what does one do to combat and be safe? Google says "not our problem - the hover to check isn't useful security anyway". Didn't notice an answer in the article.
Just be afraid, be very afraid? I've been counting on things looking bogus, not actual seriously plausible sneak attacks. My stomach hurts.


Simple - NEVER (and I'm breaking my rule of 'never say never'), but NEVER click on a link from an email. NEVER call a number regarding finances that was provided for you (email or voice message).


Go to the site directly from a known address, or call the number on your CC, bank statement etc.

-ERD50
 
I set privacy settings in Thunderbird to block remote content by default. If the email is trusted I click allow remote content.
 
Maybe I've got this wrong, but aren't the same people that hover over a link to see if it's legit the same crowd that looks at the link in the browser's address bar to see if it's legit too? If you're redirected to russianbadguy.com, I probably wouldn't interact with the page, hehe!
 
Who ever clicks on links in emails anymore? I haven't done that in years. Just go to the site, log in and find what you need. The hovering itself doesn't cause the problem, it's only the clicking. Don't trust the hover, and you'll be fine.
 
Simple - NEVER (and I'm breaking my rule of 'never say never'), but NEVER click on a link from an email. NEVER call a number regarding finances that was provided for you (email or voice message).


Go to the site directly from a known address, or call the number on your CC, bank statement etc.

-ERD50

Yep, this is how you deal with it.
 