Avanan's research into the SLINKIFY method was featured in SC Media. SLINKIFY is a new tactic used by hackers to take advantage of the LINKIFY tool, which renders URLs. As SC Media writes:
Here’s how it works: various email services scan email communications for any content or characters that looks like a URL (e.g. apple.com). They then, through Linkify or similar services, sometimes convert that plaintext into an actual clickable link for the convenience of the email recipient.
Apparently, scammers have come to realize that some email clients are more generous than others in terms of converting certain text into links. For instance, the mobile Gmail email client will convert text such as apple.biz and apple.io into links, while desktop Gmail will not. For mobile Gmail users, this can potentially present a problem if any links lead to a malicious website created by attackers. Likewise, this problem also extends to iOS and mobile Outlook email, which also have less stringent standards for converting text to links, Avanan reports.
Read the rest of the article below:
