SECURITY experts at cyber defense company BlueVoyant have spotted a rise in a dangerous type of phishing scam.
It’s called dynamic phishing and involves malicious website links that go undetected by security software.
BlueVoyant has published a report about the scam.
It claims there was a 240 percent increase in these phishing sites that redirect security researchers and bots away from the malicious content and to a safer link.
This allows the scammers to fly under the radar.
The report explains: “One of the more complicated ways threat actors evade detection involves multiple redirect paths, steering consumers to spoofed domains while redirecting presumed threat hunters or phishing analysts to an error page.
“These evasion mechanisms include User Agent or IP restrictions and blocklisting, with significant emphasis placed on bot and crawler detection.
“The purpose of this type of redirection is to hide the phishing content on a single website by diverting threat hunters elsewhere, i.e. the target’s official domain, a Google search, etc.”
This type of scam website is particularly concerning because standard security software may not flag it.
Usually, email accounts like Gmail and browsers like Google can highlight links and websites as scams before it’s too late.
Not seeing a warning popup doesn’t necessarily mean you’re safe, and you should still avoid clicking any links in a suspicious email.
Scam links can take you to sites that try to steal your personal information or, in some cases, install malware on your device.
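The split the report describes, with consumers sent to a spoofed domain and presumed analysts sent to an error page or the official site, can be checked for by fetching the same link under several client profiles and comparing where each one lands. The sketch below is an added example, not code from BlueVoyant's report; the profile names, hosts and redirect chains are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample data: one reported link fetched under four client
# profiles. Each chain is the list of (HTTP status, URL) hops observed.
# Hosts use the reserved .example TLD and are not real indicators.
OBSERVATIONS = [
    {"profile": "residential-browser", "kind": "consumer",
     "chain": [(302, "http://link.example/r?id=1"),
               (200, "https://login.bank-secure.example/signin")]},
    {"profile": "mobile-browser", "kind": "consumer",
     "chain": [(302, "http://link.example/r?id=1"),
               (200, "https://login.bank-secure.example/signin")]},
    {"profile": "crawler-user-agent", "kind": "scanner",
     "chain": [(302, "http://link.example/r?id=1"),
               (200, "https://www.bank.example/")]},
    {"profile": "datacentre-ip", "kind": "scanner",
     "chain": [(404, "http://link.example/r?id=1")]},
]

def final_hop(chain):
    """Return (status, lower-cased host) of the last hop in a redirect chain."""
    status, url = chain[-1]
    return status, (urlsplit(url).hostname or "").lower()

def classify_decoy(status, host, official_hosts, search_hosts):
    """Name the kind of page a scanner profile was diverted to."""
    if status >= 400:
        return "error-page"
    if host in official_hosts:
        return "official-domain"
    if host in search_hosts:
        return "search-engine"
    return "other"

def detect_split_redirect(observations, official_hosts, search_hosts=frozenset()):
    """Flag a link whose final destination depends on who is asking."""
    seen = {"consumer": set(), "scanner": set()}
    decoys = {}
    for obs in observations:
        status, host = final_hop(obs["chain"])
        if obs["kind"] == "scanner":
            decoys[obs["profile"]] = classify_decoy(status, host, official_hosts, search_hosts)
            if status >= 400:
                continue  # an error page is a dead end, not a destination
        seen[obs["kind"]].add(host)
    # Hosts only consumers reached, excluding the brand's own sites.
    hidden = seen["consumer"] - seen["scanner"] - set(official_hosts)
    return {"cloaked": bool(hidden), "hidden_hosts": sorted(hidden), "decoys": decoys}

RESULT = detect_split_redirect(OBSERVATIONS, official_hosts={"www.bank.example"})
```

A link is flagged when consumer profiles reach a host that no scanner profile was shown, which is why a single automated check can come back clean.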
How to avoid a phishing scam
Firstly, you should be thorough when checking who the email is from.
Even if it looks official, you should double-check the email and look for any spelling mistakes or slight abnormalities in the sender’s email address.
Never feel pressurised into opening an attachment and avoid clicking the phrase “enable content.”
You should always be wary of website links in emails.
If you’re certain an email you have received is a scam then delete it.