Avanan’s research on malicious hyperlinks bypassing security software was featured in TechRepublic. Cybercriminals creating phishing emails use a descriptive coding technique to fool security scanners. In the blog, Avanan describes this technique as “Quoted-printable” to disguise malicious links as legitimate. As TechRepublic writes:


In this technique, 8-bit text such as foreign characters are turned into 7-bit text, which is readable in the email program…Specifically, the hackers add an equal sign to the end of the URL for the malicious link. But rather than type the equal sign as =, they encode the phrase “=3D,” which is an obscure method of writing the sign using Quoted-printable. Your email reader can understand and interpret the Quoted-printable code, but the cybercriminals are betting that your security product won’t be able to detect the malicious link.

Read more here.