How Are Attackers Manipulating YouTube for Phishing?
Attackers are using YouTube redirect links: because the YouTube domain is whitelisted by various security defense mechanisms, the malicious redirects evade detection and send victims to a phishing page.
Fremont, CA: Researchers are warning of a rise in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If web browser phishing filters block a specific malicious URL, attackers generally use a URL redirect to bypass these filters and send the victim to their phishing landing page. URL redirects have been used in previous campaigns, including malicious redirect code affecting WordPress and Joomla websites and HTML redirectors used by Evil Corp. Currently, a new campaign is using legitimate YouTube redirect links.
Most organizations allow the use of platforms like YouTube, LinkedIn, and Facebook, so these domains let potentially malicious redirects open without any problem. According to the researchers, the emails using this method originated from a fraudulent domain, sharepointonlinepo.com, which was recently registered. The attackers purported to be with SharePoint, which integrates with Microsoft Office. The email stated that a new file had been uploaded to the target company's SharePoint site and included an option to “View File.”
Even if the email looked illegitimate to a trained user, a curious and unsuspecting end user might click the button in the urge to view the illegitimate file. When the user clicks on the URL, they are redirected to YouTube and then immediately redirected to the other link.
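A filter can counter this by judging a link by the destination it carries rather than by the whitelisted domain that wraps it. The sketch below is an added example, not code from the researchers or from any product; the trusted list, the sample URLs, their paths and their parameter names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, quote

# Assumption: domains a mail or web filter allows without scanning (hypothetical list).
TRUSTED = {"youtube.com", "linkedin.com", "facebook.com"}
MAX_DEPTH = 3  # how many nested wrappers to unwrap before giving up

def base_domain(host):
    """Crude registrable-domain guess: the last two labels (enough for these samples)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_urls(url):
    """Return absolute http(s) URLs found in any query parameter of `url`."""
    found = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        try:
            inner = urlsplit(value)  # parse_qsl has already percent-decoded the value
        except ValueError:
            continue
        if inner.scheme in ("http", "https") and inner.hostname:
            found.append(value)
    return found

def verdict(url, depth=0):
    """Return ("allow" | "scan", host that decided the verdict)."""
    host = (urlsplit(url).hostname or "").lower()
    if base_domain(host) not in TRUSTED:
        return ("scan", host)
    if depth < MAX_DEPTH:
        for inner in embedded_urls(url):
            result = verdict(inner, depth + 1)
            if result[0] == "scan":
                return result  # trusted wrapper, untrusted destination
    return ("allow", host)

# Constructed sample links (paths and parameter names are illustrative only).
PLAIN = "https://www.youtube.com/watch?v=abc123"
WRAPPED = "https://www.youtube.com/redirect?q=" + quote("https://login.phish.example/view", safe="")
DOUBLE = "https://www.youtube.com/redirect?q=" + quote(
    "https://www.linkedin.com/redir?url=" + quote("https://phish.example/", safe=""), safe="")

if __name__ == "__main__":
    for link in (PLAIN, WRAPPED, DOUBLE):
        print(verdict(link), link)
```

A production filter would use a public-suffix list instead of the two-label guess and would also follow HTTP redirects in a sandbox, since not every redirector exposes the destination in the query string.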