Attackers Utilizing HTTP Response Headers to Redirect Victims to Phishing Pages

Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user interaction.

“Unit 42 researchers noticed many large-scale phishing campaigns in 2024 that used a refresh entry within the HTTP response header,” the researchers write.

“From May-July we detected around 2,000 malicious URLs daily that were associated with campaigns of this type. Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.

Malicious links direct the browser to automatically refresh or reload a webpage immediately, without requiring user interaction.”

Many of these phishing attacks target employees at companies in the business and economy sector, as well as government entities and educational organizations.

“Attackers predominantly distribute the malicious URLs in the phishing campaigns via emails,” Unit 42 says. “These emails consistently include recipients’ email addresses and display spoofed webmail login pages based on the recipients’ email domain pre-filled with the users’ information. They largely target people in the global financial sector, well-known internet portals, and government domains. Since the original and landing URLs are often found under legitimate or compromised domains, it’s difficult to spot malicious indicators within a URL string.”

Unit 42 adds that attackers are also using URL parameters to pre-fill login forms with victims’ email addresses, increasing the phishing attack’s appearance of legitimacy.

“Many attackers also employ deep linking to dynamically generate content that appears tailored to the individual target,” the researchers write. “By using parameters in the URL, they pre-fill sections of a form, enhancing the credibility of the phishing attempt. This personalized approach increases the likelihood that the attacker will deceive the victim. Attackers have exploited this mechanism because it enables them to load phishing content with minimal effort while concealing the malicious content.”
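For defenders reviewing proxy or mail-gateway logs, the two traits described above (an immediate Refresh-header redirect to another host, and a recipient email address carried in the URL) can be checked together. The following is an added example, not code from Unit 42 or KnowBe4; the function names, the one-second threshold, the simplified Refresh parsing and the sample hosts are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urljoin, unquote

# Simplified Refresh value shape: "<seconds>[;|,] [url=]<target>", target optionally quoted.
REFRESH_RE = re.compile(r"^\s*(\d+)(?:\.\d*)?\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_refresh(value):
    """Return (delay_seconds, target_or_None), or None if the value is malformed."""
    m = REFRESH_RE.match(value)
    if not m:
        return None
    target = (m.group(2) or "").strip().strip("'\"").strip()
    return int(m.group(1)), (target or None)

def assess(request_url, headers, max_delay=1):
    """List reasons a response looks like a header-driven phishing redirect."""
    refresh = next((v for k, v in headers.items() if k.lower() == "refresh"), None)
    parsed = parse_refresh(refresh) if refresh is not None else None
    if not parsed or parsed[1] is None:
        return []  # no Refresh header, or a plain reload of the same page
    delay, target = parsed
    target = urljoin(request_url, target)  # resolve relative targets
    src_host = urlsplit(request_url).hostname
    dst_host = urlsplit(target).hostname
    reasons = []
    if delay <= max_delay and dst_host and dst_host != src_host:
        reasons.append(f"immediate cross-host refresh to {dst_host}")
    if EMAIL_RE.search(unquote(request_url)) or EMAIL_RE.search(unquote(target)):
        reasons.append("email address carried in URL")
    return reasons

# Constructed samples (hosts under .example, not real indicators).
SAMPLES = [
    ("https://a.example/r?u=alice%40corp.example",
     {"Refresh": "0; url=https://b.example/login#alice@corp.example"}),
    ("https://status.example/board", {"Refresh": "30"}),
    ("https://shop.example/done", {"refresh": "5;URL='/home'"}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(url, "->", assess(url, hdrs) or "ok")
```

Either reason alone is weak evidence, since dashboards and post-checkout pages use Refresh legitimately; the combination is what matches the campaigns described here.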

Unit 42 has the story.
