Researchers at Palo Alto Networks’ Unit 42 warn that attackers are utilizing refresh entries in HTTP response headers to mechanically redirect customers to phishing pages with out consumer interplay.
“Unit 42 researchers noticed many large-scale phishing campaigns in 2024 that used a refresh entry within the HTTP response header,” the researchers write.
“From Could-July we detected round 2,000 malicious URLs day by day that have been related to campaigns of this kind. In contrast to different phishing webpage distribution habits via HTML content material, these assaults use the response header despatched by a server, which happens earlier than the processing of the HTML content material.
Malicious hyperlinks direct the browser to mechanically refresh or reload a webpage instantly, with out requiring consumer interplay.”
Many of those phishing assaults are focusing on staff at firms within the enterprise and economic system sector, in addition to authorities entities and academic organizations.
“Attackers predominantly distribute the malicious URLs within the phishing campaigns by way of emails,” Unit 42 says. “These emails persistently embrace recipients’ e mail addresses and show spoofed webmail login pages based mostly on the recipients’ e mail area pre-filled with the customers’ info. They largely goal individuals within the world monetary sector, well-known web portals, and authorities domains. For the reason that unique and touchdown URLs are sometimes discovered below legit or compromised domains, it’s troublesome to identify malicious indicators inside a URL string.”
Unit 42 provides that attackers are additionally utilizing URL parameters to pre-fill login types with victims’ e mail addresses, growing the phishing assault’s look of legitimacy.
“Many attackers additionally make use of deep linking to dynamically generate content material that seems tailor-made to the person goal,” the researchers write. “By utilizing parameters within the URL, they pre-fill sections of a type, enhancing the credibility of the phishing try. This personalised strategy will increase the probability that the attacker will deceive the sufferer. Attackers have exploited this mechanism as a result of it permits them to load phishing content material with minimal effort whereas concealing the malicious content material.”
KnowBe4 empowers your workforce to make smarter safety selections daily. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
Unit 42 has the story.