The Phishing attacks are a method widely used by hackers to steal information and passwords. Basically it is a strategy that consists of launching a bait in order for the victim to put their data and thus obtain the keys. In this article we echo a warning from Microsoft, where they report the increase in the technique through what is known as HTTP Request Smuggling.
Microsoft alerts of new Phishing campaigns
From Microsoft they have reported that they have seen an increase in malicious campaigns that are based on HTTP Request Smuggling, which attacks how a website processes HTTP request sequences. It must be borne in mind that they are vulnerabilities that are often critical in nature, which is why attackers manage to bypass security measures.
This type of threat is capable of putting different types of devices at risk. For example it can affect a web server, proxy or firewall. It is not a new technique, but it has been refining its attacks over time and reaching more systems.
The main risk with this type of technique is that in many cases the antivirus are not able to detect them. Antivirus engines have a database with previously discovered threats, but in case it is something new and has not been previously discovered, things get complicated.
An example of all this could be an HTML attachment that could include a harmless link that leads to another website that is theoretically legitimate and has no danger.
How to avoid these types of attacks
So what can we do to prevent security attacks of this type? The most important thing is always going to be common sense. We must avoid making mistakes such as opening an attachment that we have received by email, installing a program from unofficial sources, etc.
On the other hand, it is very important to have a good antivirus, which is up-to-date, as well as having the latest versions of the operating system to avoid any type of threats. This will prevent the entry of many threats that could put computers at risk.