Unit 42's threat intel team observed around 2,000 large-scale phishing campaigns abusing HTTP header refresh entries for credential harvesting between May and July this year.
"The original and landing URLs are often found under legitimate or compromised domains, a technique that's often effective in concealing malicious URL strings," stated Unit 42's Yu Zhang.
"Additionally, attackers frequently use legitimate domains that offer URL shortening, tracking, or campaign marketing services," highlighting the sophistication of current phishing tactics.
By implementing deep linking, attackers enhance their phishing attempts by partially pre-loading forms with users' details, increasing their chances of success.
[
Collection
]
[
|
...
]