Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Attackers Using HTTP Response Headers to Redirect Victims to Phishing Pages

    Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user interaction.

    “Unit 42 researchers observed many large-scale phishing campaigns in 2024 that used a refresh entry in the HTTP response header,” the researchers write.

    “From May-July we detected around 2,000 malicious URLs daily that were associated with campaigns of this type. Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.

    Malicious links direct the browser to automatically refresh or reload a webpage immediately, without requiring user interaction.”

    Many of these phishing attacks are targeting employees at companies in the business and economy sector, as well as government entities and educational organizations.

    “Attackers predominantly distribute the malicious URLs in the phishing campaigns via emails,” Unit 42 says. “These emails consistently include recipients’ email addresses and display spoofed webmail login pages based on the recipients’ email domain pre-filled with the users’ information. They largely target people in the global financial sector, well-known internet portals, and government domains. Since the original and landing URLs are often found under legitimate or compromised domains, it is difficult to spot malicious indicators within a URL string.”

    Unit 42 adds that attackers are also using URL parameters to pre-fill login forms with victims’ email addresses, increasing the phishing attack’s appearance of legitimacy.

    “Many attackers also employ deep linking to dynamically generate content that appears tailored to the individual target,” the researchers write. “By using parameters in the URL, they pre-fill sections of a form, enhancing the credibility of the phishing attempt. This personalized approach increases the likelihood that the attacker will deceive the victim. Attackers have exploited this mechanism because it enables them to load phishing content with minimum effort while concealing the malicious content.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Unit 42 has the story.


    Will your users respond to phishing emails?

    KnowBe4’s Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

    Here’s how it works:

    • Immediately start your test with your choice of three phishing email reply scenarios
    • Spoof a Sender’s name and email address your users know and trust
    • Phishes for user replies and returns the results to you within minutes
    • Get a PDF emailed to you within 24 hours with the percentage of users that replied

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:https://info.knowbe4.com/phishing-reply-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top