Cases of SEG protection circumvention using SEG-encoded URLs have become more frequent

Cofense has recorded an increase in abuse of the URL encoding performed by email security gateways (Secure Email Gateways, SEGs). These defenses usually trust links that have already been processed by another SEG, so potentially dangerous emails reach their recipients.

Encoding or rewriting the URLs in a message at the gateway level is done so that they can be scanned before the recipient clicks through. Unfortunately, not all SEGs perform that check in such cases, or the check only looks at the domain of the fellow vendor that performed the rewriting.

Sophisticated spammers discovered this way of bypassing protection long ago, but rarely use it: for a campaign to succeed, every URL created would have to be encoded, and it is easier to obtain another 1,000 email addresses for the mailing list.

However, in the past quarter the number of attempts to fool SEGs this way, according to Cofense, increased markedly, especially in May. Attackers usually encoded their links using the following tools:
VIPRE Email Security,
Bitdefender LinkScan,
Hornet Security Advanced Threat Protection URL Rewriting,
and Barracuda Email Gateway Defense Link Protection.

The subjects of the fake emails varied, but most often the recipient was asked to sign a document (partnership offer, contract terms, compensation report, personnel report card, etc.) or was notified of a quarantined message. Spammers used the Microsoft and DocuSign names to make the fakes look convincing.

According to experts, such abuse is not easy to stop: most SEGs do not offer an option to ignore encodings produced by similar defenses. Only education and training can help corporate users.
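The weakness described above (a gateway that checks only the rewriter's domain and lets the wrapped link through) and the mitigation the article says most SEGs lack (treating another vendor's rewritten link like any other link) can be shown side by side. The following is an added illustration written for this post; it is not code from Cofense or from any of the vendors named. The rewriter host names, the query parameters that carry the inner destination, and the blocklist are all constructed assumptions for the demo; real products use their own, product-specific link formats.

```python
"""
Compare two link-inspection policies for an email gateway:
  1. trust the outermost host (weak: a rewrapped link from a known vendor passes), and
  2. peel known rewrapper layers and judge the innermost destination.

Added example, not vendor code. Every host name and parameter name here is
a constructed assumption for the demonstration.
"""
from urllib.parse import urlparse, parse_qs

# Constructed: hypothetical rewriter hosts and the query parameter that, in this
# made-up scheme, carries the original destination URL.
KNOWN_REWRITERS = {
    "linkscan.example-seg-a.test": "url",
    "protect.example-seg-b.test": "target",
}

# Constructed: a tiny blocklist standing in for a gateway's reputation feed.
BLOCKED_HOSTS = {"evil.example.test"}

MAX_DEPTH = 5  # guard against deliberately deep wrapper nesting


def host_of(url):
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def unwrap(url, max_depth=MAX_DEPTH):
    """Peel known rewrapper layers.

    Returns (innermost_url, hops) where hops lists the rewriter hosts passed
    through, outermost first. parse_qs already percent-decodes each layer, so a
    link wrapped twice decodes correctly without extra unquoting.
    """
    hops = []
    current = url
    for _ in range(max_depth):
        host = host_of(current)
        param = KNOWN_REWRITERS.get(host)
        if param is None:
            break  # not a known rewriter: this is the real destination
        inner = parse_qs(urlparse(current).query).get(param)
        if not inner:
            break  # rewriter host with no payload: leave as-is for the caller
        hops.append(host)
        current = inner[0]
    return current, hops


def verdict_trusting_wrapper(url):
    """The weak policy the article warns about: only the outermost host is checked."""
    return "block" if host_of(url) in BLOCKED_HOSTS else "allow"


def verdict_unwrapping(url):
    """The stronger policy: judge the innermost destination.

    Anything that arrived already wrapped by another vendor's gateway gets the
    same 'scan' treatment as a bare unknown link instead of a free pass; a link
    still sitting on a rewriter host after unwrapping (depth exhausted, or no
    payload) is also sent to scanning rather than allowed.
    """
    final, hops = unwrap(url)
    host = host_of(final)
    if host in BLOCKED_HOSTS:
        return "block"
    if hops or host in KNOWN_REWRITERS:
        return "scan"
    return "allow"


# Constructed sample links used by the demo below.
WRAPPED_ONCE = ("https://linkscan.example-seg-a.test/"
                "?url=https%3A%2F%2Fevil.example.test%2Flogin")
WRAPPED_TWICE = ("https://protect.example-seg-b.test/"
                 "?target=https%3A%2F%2Flinkscan.example-seg-a.test%2F"
                 "%3Furl%3Dhttps%253A%252F%252Fevil.example.test%252Flogin")
WRAPPED_BENIGN = ("https://linkscan.example-seg-a.test/"
                  "?url=https%3A%2F%2Fdocs.example.test%2Fcontract")
BARE_BENIGN = "https://docs.example.test/contract"

if __name__ == "__main__":
    for link in (WRAPPED_ONCE, WRAPPED_TWICE, WRAPPED_BENIGN, BARE_BENIGN):
        print(verdict_trusting_wrapper(link), verdict_unwrapping(link), link)
```

Running the demo shows the gap the article describes: the link wrapped by a known rewriter is allowed under the outermost-host policy even though its destination is blocklisted, while the unwrapping policy blocks it and sends other rewrapped links to the normal scan path. In a real gateway, the `KNOWN_REWRITERS` table would have to be maintained per vendor format, and the innermost URL should go through the same reputation, sandbox and click-time checks as any bare link.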