Palo Alto's Unit 42 threat intelligence team wants to alert the security industry to an increasingly common tactic used by phishers to collect victim credentials.
Unlocking the Secrets of Phishing Email Header Analysis: The Ultimate Step-by-Step Guide
Infoseccers say they had seen the crooks abusing update entries in HTTP headers for around 2,000 large-scale phishing campaigns between May and July this year, although this practice has been observed throughout the year.
In this case, embedding malicious URLs in a web page's response header means that visitors to the web pages are automatically redirected to malicious web pages. Once this is done, attackers will usually spoof the login pages of well-known providers to steal the user's password.
The attack begins like any other phishing-based incident. An email is sent to a target that contains a link that usually mimics a legitimate or compromised domain, making the job of finding one more difficult.
