lvfere.blogg.se

But a closer look reveals that the hyperlink employs “hxxps://google.lv/url?q=,” which tells Google to query a specific URL or string. It therefore doesn’t raise red flags with many perimeter security tools. Under that pretense, the email instructed recipients to click on an embedded “View Invoice” hyperlink button.Īt first glance, the top-level domain for the hyperlink button appears to be google.lv, the home page for Google Latvia.

The message informed recipients that they had a new invoice awaiting payment.

In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways.