The Bizarre Phishing Campaign with 1000 Character URLs
A new phishing campaign is underway that should make even the most tech-illiterate people suspicious. The campaign involves stating that your email has been blacklisted, and then proceeds to ask to you confirm it by entering your credentials. This is fairly standard as phishing scams go, but the odd thing is that it uses phishing links that contain almost 1000 characters, which should trigger some alarm bells.
What is a Phishing Attack?
A phishing attack or scam is when an attacker sends an email posing as someone else, or a company, in order to extract information from the target. This information can then be used to compromise your accounts.
Phishing Attacks: The Statistics
(Data reported in 2018):
- Phishing attacks grew 65% from 2017-2018
- 76% of businesses reported being a victim of a phishing attack between 2017-2018.
- Webroot Threat reports that nearly 1.5 million new phishing sites are created each month.
- Around 30% of phishing messages are opened, and 12% of those users will click the malicious link.
We can expect that the upwards trend of phishing attacks continued across 2018 and continues now in 2019 and that the landscape of these attacks is worse toward.
More About the Weird Campaign
The phishing campaign pretends to be from the mail domain’s support department, stating that your email has been blacklisted due to multiple login failures. The attackers then created a sense of urgency by stating that the account will be terminated if you do not verify your account by logging in again. To log in, you need to click on a link which will display a landing page that looks similar in style to your email login screen, appearing to be legitimate.
The URLs included in the email are oddly and suspiciously long, something that attackers normally stay away from because it is an automatic red flag for most people. The URLs range from 400 to almost 1000 characters. One user tweeted that they received an email with a URL that was 991 characters long.
It is not clear why the attackers used such long URLs, or whether it was simply an oversight on their part. People often notice that phishing or scam emails have poor grammar or misspelled words. In some cases, this can be on purpose, such as with Nigerian scams. These scams involve a high degree of communication between the victim and the scammer to build a sense of trust before the scammer will ask for money. Since this is time intensive, it actually makes sense that the scammers only receive messages back from the most gullible people, people that overlook obvious mistakes.
However, this is not the case with phishing campaigns. Phishing campaigns are all about getting credentials and gaining control of your accounts, and the quicker this can be done, the better. Phishing campaigns often look legitimate and created a sense of urgency so that the recipient acts quickly without checking the veracity of the email.
This is what makes this campaign highly unusual, phishing campaigns try to fly under the radar and look as close to the real thing as possible in order to trick you. A stupidly long URL is likely to significantly hamper the success of the campaign.