
Phishing Pages Delivered Through Refresh HTTP Response Header

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Unit 42 researchers observed large-scale phishing campaigns in 2024 that use a refresh entry in the HTTP response header. Unlike traditional HTML-based phishing, this technique takes effect before HTML content is processed and automatically refreshes the webpage without user interaction. Attackers distribute malicious URLs via email, targeting the global financial sector, internet portals, and government domains. The attacks are personalized, embedding recipients' email addresses and displaying spoofed webmail login pages. From May to July, around 2,000 malicious URLs were detected daily. The campaigns predominantly targeted the business-and-economy sector, financial services, and government institutions. This sophisticated method makes it difficult to identify malicious indicators within URL strings and increases the likelihood of successful credential theft.

OPENCTI LABELS:

phishing, credential theft, http header, business email compromise


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Phishing Pages Delivered Through Refresh HTTP Response Header