“Stay vigilant against fake email web flaws and malicious links. Attackers exploit vulnerabilities and use deceptive tactics to gain unauthorized access.”
Attackers Exploit Web Application Vulnerabilities in Phishing Attacks
Attackers are constantly evolving their tactics to exploit vulnerabilities in web applications and deceive unsuspecting victims. One of the most common methods used in phishing (fake email) attacks is the exploitation of reflected Cross-Site Scripting (XSS) flaws. In this type of attack the malicious code travels inside the link itself: a vulnerable website echoes it back in its page, and the victim's browser executes it when the victim clicks the link in an email or unfortunately comes across the same link while surfing (browsing) the internet.
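To make the reflected XSS mechanism concrete, here is an added example that is not code from the original page: a constructed search page that reflects the `q` query parameter, shown once with the flaw and once hardened with HTML escaping plus a Content-Security-Policy header. The site name, parameter name and sample link are all constructed for illustration.

```python
"""Reflected XSS: a URL parameter echoed into a page, vulnerable vs hardened.

Added example (not from the original page). The search page, the "q"
parameter and the sample link are constructed for illustration only.
"""
import html
from urllib.parse import parse_qs, urlparse

# Minimal page template; {term} is where the user-supplied search term lands.
PAGE = "<html><body><h1>Results for: {term}</h1></body></html>"


def _search_term(url):
    """Extract the 'q' query parameter from a request URL ('' if absent)."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def render_vulnerable(url):
    """The flaw: the parameter is copied straight into the markup, so any
    <script> carried in the link is reflected to the browser and executed."""
    return PAGE.format(term=_search_term(url))


def render_hardened(url):
    """Fix: HTML-escape the parameter before it reaches the markup.
    quote=True also escapes quotes, which matters inside attribute values."""
    return PAGE.format(term=html.escape(_search_term(url), quote=True))


def response_headers():
    """Defence in depth: a CSP that forbids inline script, so a missed
    escape somewhere else on the site still does not run attacker code."""
    return {"Content-Security-Policy": "default-src 'self'; script-src 'self'"}


def contains_script_tag(markup):
    """Detection helper: does the rendered page contain a live <script> tag?"""
    return "<script" in markup.lower()


# Constructed phishing link: the site is legitimate, the script is in the URL.
PHISHING_LINK = "https://shop.example/search?q=<script>alert(1)</script>"

if __name__ == "__main__":
    print("vulnerable reflects script:", contains_script_tag(render_vulnerable(PHISHING_LINK)))
    print("hardened reflects script:  ", contains_script_tag(render_hardened(PHISHING_LINK)))
    print(render_hardened(PHISHING_LINK))
```

The link points at a real, trusted site, which is why URL reputation checks in email filters do not catch it; the defect is on the site, and the fix belongs there (output encoding for the context the data lands in, backed by a CSP).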
Attackers have found a way to circumvent detection by using the HTML link tag attribute “href” in their fake emails: the “href” holds the real destination of a link, independently of the text the reader sees. By doing so, they can trick email filters and security systems into treating the email as legitimate. This tactic is often combined with other techniques, such as sending the entire email content as an image or encoding URLs, to further deceive the victim.
In addition to exploiting web application vulnerabilities, attackers also engage in thread hijacking of NTLM (NT LAN Manager), the challenge-response authentication protocol used by Microsoft Windows operating systems. By hijacking the authentication thread, attackers are able to extract NTLM challenge-response hashes from legitimate SMB (Server Message Block) sessions. This allows them to impersonate authenticated users and gain unauthorized access to sensitive information or systems.
Cloud storage platforms are increasingly being used to hide malware, and attackers are now opting for malicious links in spam emails instead of traditional attachments. This shift in tactics is likely due to the fact that many email filters and security systems have become more effective at detecting and blocking malicious attachments. By using malicious links, attackers bypass these security measures and direct victims to websites hosting malware.
However, when attachments are used, attackers often rely on file formats that are less commonly associated with malware. For example, .ics calendar invites and .rtf documents, whether attached to the email or linked from it, are frequently used to trick recipients into opening malicious content. These file formats are often seen as harmless and are less likely to raise suspicion among users.
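The indicators described above (a visible link text that differs from the real “href” destination, links to cloud storage, image-only bodies, and .ics/.rtf attachments) can be checked mechanically on the receiving side. The following is an added example, not code from the original page: a triage script using only the Python standard library, run over a constructed sample message. The cloud-storage host list is an assumed watchlist, not something the page names, and the thresholds are heuristics to tune.

```python
"""Triage checks for phishing indicators in an email message.

Added example (not from the original page). Flags: (1) anchors whose visible
text is a URL on a different host than the real href, (2) links to cloud
storage hosts (assumed watchlist below), (3) .ics / .rtf attachments, and
(4) HTML bodies that are an image with almost no readable text.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watchlist of well-known cloud storage hosts; tune to your environment.
CLOUD_STORAGE_HOSTS = {"drive.google.com", "dropbox.com", "onedrive.live.com", "1drv.ms"}
WATCHED_EXTENSIONS = (".ics", ".rtf")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, count images and non-link text."""

    def __init__(self):
        super().__init__()
        self.links = []        # [href, visible text] per anchor
        self.images = 0
        self.text_chars = 0    # readable text outside anchors
        self._in_anchor = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append([attrs["href"], ""])
            self._in_anchor = True
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_anchor = False

    def handle_data(self, data):
        stripped = data.strip()
        if self._in_anchor and self.links:
            self.links[-1][1] += stripped
        else:
            self.text_chars += len(stripped)


def host_of(url):
    """Lower-cased host of an absolute URL, or '' when the text is not a URL."""
    host = urlparse(url.strip()).hostname
    return host.lower() if host else ""


def is_cloud_storage(host):
    return any(host == h or host.endswith("." + h) for h in CLOUD_STORAGE_HOSTS)


def analyze_message(msg):
    """Return a list of human-readable findings for one parsed EmailMessage."""
    findings = []
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        parser = LinkCollector()
        parser.feed(html_part.get_content())
        for href, text in parser.links:
            href_host, text_host = host_of(href), host_of(text)
            # The reader sees one address while the href points somewhere else.
            if text_host and href_host and text_host != href_host:
                findings.append(f"href mismatch: text shows {text_host}, link goes to {href_host}")
            if is_cloud_storage(href_host):
                findings.append(f"link to cloud storage host {href_host}")
        # Heuristic: at least one image and almost no text outside links.
        if parser.images and parser.text_chars < 20:
            findings.append("body is essentially a single image")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WATCHED_EXTENSIONS):
            findings.append(f"attachment with watched extension: {name}")
    return findings


def analyze_raw(raw):
    """Parse a raw RFC 822 message and run the checks."""
    return analyze_message(email.message_from_string(raw, policy=policy.default))


# Constructed sample message (not a real phishing email).
SAMPLE_EMAIL = """\
From: billing@example.net
To: user@example.com
Subject: Invoice ready
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:body.png">
<a href="https://drive.google.com/file/d/EXAMPLE/view">https://portal.example.com/invoice</a>
</body></html>
--b1
Content-Type: text/calendar; name="invite.ics"
Content-Disposition: attachment; filename="invite.ics"

BEGIN:VCALENDAR
END:VCALENDAR
--b1--
"""

if __name__ == "__main__":
    for finding in analyze_raw(SAMPLE_EMAIL):
        print("-", finding)
```

The mismatch check compares hosts rather than whole URLs, so a legitimate link whose visible text is a shortened form of the same site's address is not flagged; the image-only heuristic deliberately ignores anchor text, since an image-plus-link body is exactly the layout the paragraph describes.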
It is crucial for individuals and organizations to turn off their email program’s preview window, or set it to ask before displaying external images, so that a malicious email from a sender you don’t know and are not corresponding with is not displayed automatically. Use the subject line to decide whether to open the email, and be cautious about clicking any type of link in the email.
You can find instructions on how to turn off the Gmail preview window under our “Virus and Malware” link at the top of this page. You are encouraged to do the same in any other email programs you use.
Also, you will never receive an email from us unless you requested a link authentication to log in to your account or you have sent an email requesting something through our contact page.
That also means you will not receive an email containing our newsletter. You can only access the newsletter on this site or through the monthly archives.