by Danny Bradbury
Phishing sites are common, but this week the internet found a strange strain that’s a little rarer: a phishing site with a URL almost a thousand characters long. Experts have a good theory about why a scammer would go to all that trouble.
Bleeping Computer learned of a strange phishing campaign which uses an unusually long URL. The mail purports to come from your email provider, telling you that your account has been blacklisted due to multiple login failures. The phisher tries to hook your mail login credentials by getting you to log in again, but of course, the link it provides isn’t really a link to your login provider’s page.
Phishing links generally arrive behind an innocuous piece of text like ‘log in’, ‘reauthorise’ or ‘validate’. Hyperlinks separate the text from the actual links that they follow, though, and unless a victim hovers over the text or right-clicks it, or checks the address bar of their browser after clicking on the link, they won’t know what sites they’re really visiting.
Phishers are aware of this and diligent ones will try to lure you with a URL that looks plausible. They’ll use tricks like top-level domains (TLDs) designed to look like the last couple of words in a legitimate domain, or homographs that use foreign character sets to create English-looking letters. Hyphens and subdomains are also a good way of creating URLs that look like a legitimate site at first glance.
This phisher didn’t bother with any of that. The link they provided was a domain that looked nothing like the recipient’s email domain. It also used a ridiculously long combination of subdirectory and page name (those are the folders and actual pages after the top-level domain …
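The checks a mail filter or an analyst can run on the links described above (link text that hides the real destination, a host that is not the mail provider, the provider's name buried in another domain, and an unusually long URL) are sketched below. This is an added example, not code from the article or from Bleeping Computer; the 200-character threshold, the finding labels and the placeholder domains are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_URL_LEN = 200  # assumed threshold, not a value from the article
class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, provider_domain):
    """Return (visible text, host, findings) for every link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    brand, report = provider_domain.split(".")[0], []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        off_domain = host != provider_domain and not host.endswith("." + provider_domain)
        checks = [
            (off_domain, "host is not the mail provider"),
            (off_domain and brand in host, "provider name inside another domain"),
            ("xn--" in host, "punycode host (possible homograph)"),
            (len(href) > MAX_URL_LEN, f"URL is {len(href)} characters long"),
        ]
        report.append((text, host, [label for hit, label in checks if hit]))
    return report

# Constructed sample message; every domain below is a reserved placeholder.
SAMPLE = (
    '<p>Your account has been blacklisted. <a href="https://unrelated-site.test/'
    + "a1b2c3d4/" * 100 + 'index.html">Log in</a> or '
    '<a href="https://mailprovider.example.account-check.test/">validate</a>. '
    '<a href="https://mail.mailprovider.example/help">Help</a></p>'
)

for text, host, findings in audit_links(SAMPLE, "mailprovider.example"):
    print(f"{text!r} -> {host}: {findings or 'ok'}")
```

The visible text of all three links is equally innocuous; only the parsed host and the URL length separate the provider's own link from the other two.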