TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

URL Obfuscation—Still a Phisher’s Phriend

2017-08-29 · Read original ↗

ATT&CK techniques detected

4 predictions
T1566.002Spearphishing Link
99%
"these shortening web apps take a long complex url line, such as “ https : / / f5. com / labs / articles / threat - intelligence / cyber - security / russian - hackers - face - to - face ”, and shrink it down to something more convenient and easily sharable, such as “ http : / / b…"
T1566.002Spearphishing Link
98%
"url obfuscation — still a phisher ’ s phriend i was at a client ' s office the other day and the security team was discussing their latest round of spear - phishing attacks : a pdf delivered in email with an embedded bit. ly link that appeared authentic but took users to a phony …"
T1566.002Spearphishing Link
95%
"web application tools to perform the redirect, which often can look like : http : / / investingsite. com / redirect. php? url = http : / / nicebanksite. com a phisher could then hijack this mechanism to redirect users to a fake site. however, an untrained user might only notice t…"
T1566.002Spearphishing Link
90%
"imitation sites. this particular problem used to part of the owasp top 10 web vulnerabilities called unvalidated redirects and forwards3 and is often tested for as part of a web application vulnerability test. this vulnerability can also be a lot more subtle, buried in app functi…"

Summary

Cyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate.