URL Obfuscation Technique Used in Spam Campaign
NJCCIC Alert
Original Release Date: 9/28/2020
Summary
Web browsers typically accept user-friendly domain names (hxxps://google[.]com) or dotted decimal IP address (hxxps://216.58.199[.]78). Cyber-criminals continue to change tactics and techniques to evade detection with the use of URL obfuscation in a recent spam campaign. They are using hexadecimal IP addresses (hxxps://0[x]D83AC74E) as the URL link in emails to deceive both the email gateway and user, and direct the user to their spam websites.
Recommendations
The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to exercise caution with links and attachments received from unknown contacts, navigate directly to authentic vendor websites, keep applications up to date, enable multi-factor authentication where available, and implement a defense-in-depth cybersecurity strategy. We also recommend reviewing the NJCCIC product Don’t Take the Bait! Phishing and Other Social Engineering Attacks and the NJCCIC’s Cybersecurity Best Practices webpage for more information on how to keep accounts and data safe. For more information, please review the Trustwave article.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.