Hackers have found a way to circumvent mailbox security solutions. As a result, more phishing emails end up in employees’ inboxes.
By abusing Google Accelerated Mobile Pages (AMP), hackers can still get phishing messages into companies’ mailboxes. Hackers extend the URL leading to the malicious phishing site with the Google AMP URL, so that the link in the email points to a Google address rather than to the phishing site itself. That way, email security tools let the message straight through. The practice was noticed by researchers at Cofense, who published a blog post about it yesterday.
Google AMP was developed to make Web page content load faster on smartphones. Google hosts the AMP websites on its own servers.
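A mail filter can counter this by unwrapping AMP links and checking the embedded destination as well. The following is an added example, not code from Cofense or the original article; the two AMP URL shapes, the function names and the sample domains are assumptions that do not appear on the page.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed AMP URL shapes (not given on the page):
#   https://www.google.<tld>/amp/s/<host>/<path>          ("s/" = https destination)
#   https://<label>.cdn.ampproject.org/c/s/<host>/<path>  (AMP cache)
GOOGLE_HOST = re.compile(r"^(www\.)?google\.[a-z.]{2,6}$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample email body; both domains are placeholders.
SAMPLE_BODY = (
    "Your mailbox is full. Review: "
    "https://www.google.com/amp/s/login-portal.example/verify.\n"
    "Help: https://support.example.com/faq\n"
)

def unwrap_amp(url):
    """Return the destination URL wrapped by a Google AMP URL, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = unquote(parts.path)  # decode %2F and similar before parsing
    if GOOGLE_HOST.match(host) and path.startswith("/amp/"):
        rest = path[len("/amp/"):]
    elif host.endswith(".cdn.ampproject.org"):
        m = re.match(r"^/[a-z]/(.*)$", path)  # single-letter content type
        if not m:
            return None
        rest = m.group(1)
    else:
        return None
    scheme = "http"
    if rest.startswith("s/"):
        scheme, rest = "https", rest[2:]
    if "." not in rest.split("/")[0]:  # first segment must look like a host
        return None
    return f"{scheme}://{rest}"

def amp_wrapped_links(body):
    """Map each AMP-wrapped URL in an email body to its real destination."""
    found = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")  # drop trailing sentence punctuation
        dest = unwrap_amp(url)
        if dest:
            found[url] = dest
    return found

if __name__ == "__main__":
    for wrapped, dest in amp_wrapped_links(SAMPLE_BODY).items():
        print(f"{wrapped} -> {dest}")
```

The unwrapped destination should go through the same reputation and content checks as any other link, alongside the outer URL rather than instead of it.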
“Phishing campaigns abusing the Google AMP services picked up during May and haven’t left the threat landscape since. Overall, we have seen the volume oscillate drastically throughout recent weeks,” the researchers write.
Part of a series of tricks
The researchers observed that URL extension is often accompanied by other tricks to circumvent security tools. For example, hackers increasingly disguise phishing sites in images, because security tools often use text scanners to search for suspicious URLs.
It was previously noted that the number of image-based phishing attacks is on the rise. Hackers now appear to be refining the technique to give their phishing email a good chance of reaching the recipient.
However, the recipient still has to open the URL or enter private information before the attack is successful. Workers, however, appear to be less resilient to phishing emails. Without training, a third of Europeans fall for the technique. Training lowers that percentage but can never bring it to zero.