Latest

Weird Phishing Campaign Uses Links With Almost 1,000 Characters


Phishing Header

A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious.

This phishing campaign pretends to be from your mail domain’s support department and states that your email has been blacklisted due to multiple login failures. They then ask you to verify your account by logging in again or they will terminate the account.

Blacklisted Phishing Email
Blacklisted Phishing Email

If you click on these links, you will be shown a landing page with a login form that is customized for your particular domain. Below is an example of this landing page, but with the company information redacted.

Phishing campaign landing page
Phishing campaign landing page

After receiving one of these emails, Derek from My Online Security noticed that URLs in the emails are very long. I mean really long, with URLs ranging from 400 characters to close to 1,000 characters.

You can see an example of the URL that was included in the phishing email he received below.

Phishing link
Phishing link

After tweeting about this, another user stated that they just reported a similar email with a link that was 991 characters long.

It is not known what the reason is for using such long URLs unless its an effort to obfuscate the intent or to hide information in them.

Regardless, be careful of these blacklisted phishing emails and always check the URLs in emails you receive. If any look suspicious, try to not to visit them or at least be careful when you do.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top