Phishers have found a way to slip the malicious URLs in their emails past Office 365’s protections. The security company Avanan says it has observed criminals using an HTML <base> tag in the header of the email, so that the malicious URL is split in two: the first half sits in the <base href>, and only the harmless-looking tail of the URL appears in the link itself.
The trick works because modern email clients honour the <base> tag: they join the base URL with the relative path in the link and render the result as a normal, clickable link. Office 365’s Advanced Threat Protection includes Safe Links, which checks links in emails against a blacklist, but it inspects the link’s own href, which contains only a relative path, so the full malicious address is never compared against the blacklist.
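To make the mechanism concrete, here is an added example (not code from Avanan, KnowBe4 or Microsoft) using a constructed email body, invented domains and a hypothetical blacklist. A scanner that judges each <a href> on its own sees only a relative path and flags nothing; the same links resolved against <base href>, the way a mail client resolves them, point at the blacklisted host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a baseStriker-style email body: the first half of the
# phishing URL lives in <base href>, the second half in the <a href>.
# The domains are invented for this example.
SAMPLE_EMAIL_HTML = """\
<html>
  <head>
    <base href="http://malicious.example/">
  </head>
  <body>
    <p>Your mailbox is almost full.
       <a href="login/verify.php?user=42">Click here</a> to free up space.</p>
    <p>See <a href="https://safe.example/help">our help page</a> for details.</p>
  </body>
</html>
"""

# Hypothetical blacklist of known phishing hosts.
BLACKLIST = {"malicious.example"}


class LinkCollector(HTMLParser):
    """Records the first <base href> and every <a href> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base is None and attrs.get("href"):
            self.base = attrs["href"]  # browsers honour only the first <base>
        elif tag == "a" and attrs.get("href"):
            self.hrefs.append(attrs["href"])


def extract_links(html):
    """Return (base_href, [raw hrefs]) for an HTML document."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.base, parser.hrefs


def naive_scan(html, blacklist):
    """A scanner that judges each <a href> in isolation and ignores <base>.
    This is the behaviour the attack relies on: a relative href has no
    hostname, so nothing here can match the blacklist."""
    _, hrefs = extract_links(html)
    return [h for h in hrefs if urlsplit(h).hostname in blacklist]


def resolve_links(html):
    """The absolute URLs a <base>-aware mail client would actually open."""
    base, hrefs = extract_links(html)
    return [urljoin(base or "", h) for h in hrefs]


def resolving_scan(html, blacklist):
    """A scanner that resolves every href against <base> before the lookup."""
    return [u for u in resolve_links(html) if urlsplit(u).hostname in blacklist]


if __name__ == "__main__":
    print("naive scanner flags:    ", naive_scan(SAMPLE_EMAIL_HTML, BLACKLIST))
    print("client will open:       ", resolve_links(SAMPLE_EMAIL_HTML))
    print("resolving scanner flags:", resolving_scan(SAMPLE_EMAIL_HTML, BLACKLIST))
```

The defensive takeaway is in resolving_scan: any link filter must canonicalise each href against the document’s <base> (and apply that to the first <base> tag wherever it appears, not only in <head>) before it compares the host with a blacklist or rewrites the link.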
Avanan calls the technique “baseStriker.” It works against Microsoft Outlook clients that support the <base> tag. Gmail is said to be immune. Avanan has informed Microsoft, which is investigating. In the meantime, Microsoft has told SecurityWeek, “We encourage customers to practice safe computing habits by avoiding opening links in emails from senders they don’t recognize.”
That’s a start, but it would be better to also tell users not to open attachments they did not ask for, and to pick up the phone and verify with the sender before opening anything unexpected.
Any organization should reinforce this with realistic, interactive security awareness training. Remember that technical defensive layers always have limitations, and attackers continuously look for ways to exploit them.
To read the full article, please visit KnowBe4’s blog at https://blog.knowbe4.com/heads-up-new-attack-blindsides-microsoft-office-365-anti-phishing-filter-and-blacklists.