A common way for attackers to evade security solutions is to put links that pass through URL redirects in the body of an email. To determine whether such a URL is malicious, a security solution has to follow every redirect and check the content at each step. If there are too many redirects, that becomes infeasible.

We see this technique used in the email below, which was missed by ATP.

 

 

In the screenshot below we see the link attached to the “Keep Password” button. It passes through a few legitimate redirects that obfuscate the link's malicious payload. In this attack, hackers are using two legitimate services, photobox.co.uk and adobe.com, to help redirect the malicious URL.

 

Avanan’s AI was able to detect this attack because it uses language that is common in phishing emails and our AI is trained to detect phishing language.
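To illustrate the redirect-scanning problem described at the start of this post, the following added example (not Avanan's code and not part of the original article) follows a chain one hop at a time under a fixed hop budget and treats any chain it cannot fully resolve as unscanned rather than clean. The hosts, the `SAMPLE_HOPS` table and the blocklist entry are constructed placeholders, and `fetch_location` is a hypothetical stand-in for an HTTP request with automatic redirects disabled.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: URL -> Location header a fetch would return
# (None means a final page). Placeholder hosts, not the URLs from the email.
SAMPLE_HOPS = {
    "https://photos.example/r?id=1": "https://docs.example/go?x=2",
    "https://docs.example/go?x=2": "/landing",  # relative redirect
    "https://docs.example/landing": "https://login-update.example/keep",
    "https://login-update.example/keep": None,
    "https://loop.example/a": "https://loop.example/b",
    "https://loop.example/b": "https://loop.example/a",
}

def fetch_location(url):
    """Stand-in for one HTTP request with automatic redirects disabled."""
    return SAMPLE_HOPS.get(url)

def resolve_chain(url, max_hops=5, fetch=fetch_location):
    """Follow redirects one hop at a time; return (chain, status)."""
    chain, seen = [url], {url}
    while True:
        location = fetch(chain[-1])
        if location is None:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)  # handles relative Location values
        if nxt in seen:
            return chain, "loop"
        if len(chain) > max_hops:  # budget spent and another hop remains
            return chain, "hop_budget_exceeded"
        chain.append(nxt)
        seen.add(nxt)

def classify(url, blocklist, max_hops=5):
    """Judge every hop, and fail closed when the chain is not fully resolved."""
    chain, status = resolve_chain(url, max_hops)
    if any(urlsplit(u).hostname in blocklist for u in chain):
        return "malicious"
    if status != "resolved":
        return "unscanned"  # never report an unresolved chain as clean
    return "clean"

if __name__ == "__main__":
    bad = {"login-update.example"}  # constructed blocklist entry
    print(classify("https://photos.example/r?id=1", bad))              # malicious
    print(classify("https://photos.example/r?id=1", bad, max_hops=2))  # unscanned
```

With a budget of two hops the scanner only ever sees the two benign-looking intermediate hosts, so the only safe outcome it can report is "unscanned".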
