Man
RTF nostalgia can be costly.
Hackers have found a new way to use the Rich Text Format (.RTF) in phishing attacks. Cybersecurity experts from Ironscales report a sharp increase in the number of such campaigns in 2024. In March 2024 alone, researchers recorded and blocked 6755 such attacks.
The peculiarity of this attack is the use of an outdated file format, personalization of attachments and obfuscation of URLs. The .RTF format is not common these days, which reduces suspicion among email recipients, the researchers explain. Moreover, traditional email filtering systems rarely flag such attachments as suspicious. Therefore, victims are more inclined to open .RTF files received by e-mail.
The hackers also apply attachment name personalization to increase the victim's trust. The file name in the email is adapted to the domain of the target company, which gives the impression that the attachment is related to the organization itself.
In addition, the .RTF files contain links that are disguised in such a way that at first glance they look safe and lead to well-known sites, such as microsoft.com. However, hackers use the @ symbol to redirect to malicious sites. For example, a link might look like this: https://www.microsoft.com@malicious-site.com/invoice.pdf. In this case, the browser ignores anything in front of the @ symbol and jumps to the address after it.
This method allows attackers to mislead users who do not validate full URLs. This approach demonstrates that cybercriminals continue to improve their methods, and organizations need to take protective measures to avoid becoming their victims.
Source
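A defensive check for the link trick described above, as an added example that is not part of the original post or of the Ironscales report: in a URL, everything between `//` and `@` is the userinfo field, so the host actually contacted is the part after `@`. The sketch pulls `HYPERLINK` targets out of RTF field markup and flags any that carry userinfo; the sample document, function names and verdict labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# RTF stores a link as a field:
#   {\field{\*\fldinst HYPERLINK "target"}{\fldrslt shown text}}
HYPERLINK_RE = re.compile(r'HYPERLINK\s+"([^"]+)"', re.IGNORECASE)
# Userinfo shaped like a hostname is the decoy pattern from the article.
HOSTLIKE_RE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}$', re.IGNORECASE)

# Constructed sample, not taken from a real campaign.
SAMPLE_RTF = r'''{\rtf1\ansi
{\field{\*\fldinst HYPERLINK "https://www.microsoft.com@malicious-site.com/invoice.pdf"}{\fldrslt View invoice}}
{\field{\*\fldinst HYPERLINK "https://www.microsoft.com/en-us/security"}{\fldrslt Security}}
{\field{\*\fldinst HYPERLINK "https://billing@files.example.net/doc"}{\fldrslt Document}}
}'''

def inspect_url(url):
    """Return the host that will really be contacted and a verdict."""
    parts = urlsplit(url)
    user = parts.username or ""          # text before '@' (and before any ':')
    if not user:
        verdict = "ok"
    elif HOSTLIKE_RE.match(user):
        verdict = "decoy-host"           # e.g. www.microsoft.com@...
    else:
        verdict = "userinfo"             # unusual in mail links, worth review
    return {"url": url, "real_host": parts.hostname,
            "userinfo": user, "verdict": verdict}

def scan_rtf(rtf_text):
    """List every hyperlink target in the RTF text that carries userinfo."""
    results = (inspect_url(u) for u in HYPERLINK_RE.findall(rtf_text))
    return [r for r in results if r["verdict"] != "ok"]

if __name__ == "__main__":
    for finding in scan_rtf(SAMPLE_RTF):
        print(f'{finding["verdict"]:<11} real host: {finding["real_host"]}'
              f'  (shown before @: {finding["userinfo"]})')
```

A mail gateway or triage script can apply the same test to any extracted link, since legitimate business e-mail almost never embeds credentials in a URL.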