Misuse of the link wrapping function

Phishing with Proofpoint: Cyber attack disguises itself as a security link


Cyber criminals are currently using a sophisticated trick to carry out targeted phishing attacks. The method abuses Proofpoint’s link wrapping system and leads unsuspecting users to manipulated Microsoft 365 pages.

Attack via known security platform

In a recent analysis, Cloudflare has uncovered a phishing campaign that specifically exploits trust in established security solutions. According to the report by the in-house security unit Cloudforce One, attackers manipulate links via Proofpoint – a service that is actually designed to protect email communication.


Trust becomes a weak point

Phishing remains the most widespread method of digital attack. It becomes particularly dangerous when deception meets well-known security services. Users often do not recognize the danger as the links appear to come from a reliable source. This is precisely what attackers exploit by relying on Proofpoint protection to make their fraudulent URLs appear credible.

Two ingenious methods

The attackers use two strategies:

1. Misuse of compromised email accounts:

They attack internal accounts in Proofpoint-protected organizations and send genuine-looking emails with hidden phishing links. Because Proofpoint automatically rewrites these links, they appear completely legitimate to the recipient.


2. Multi-level detour:

First, the attackers shorten their malicious links with public URL shorteners. They then redirect them via Proofpoint, creating a multi-stage redirection chain. This disguises the actual target and makes detection by security solutions considerably more difficult.
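
For defenders triaging mail or proxy logs, the redirection chain described in the two methods above can be unpacked offline. The following Python code is an added example, not taken from the Cloudflare report or from Proofpoint: it decodes the URL Defense v2 rewrite format (`urldefense.proofpoint.com/v2/url?u=...`; v3 links are not handled) and flags wrapped links whose real destination is a public URL shortener. The shortener list, function names and sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed starter list of public shortener hosts; extend for your environment.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
WRAP_HOST = "urldefense.proofpoint.com"  # URL Defense v2 rewrite host

# Constructed sample: a shortener link after v2 rewriting.
SAMPLE = "https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.ly_3xAmPlE&d=constructed"


def unwrap_v2(url):
    """Return the original URL inside a URL Defense v2 link, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != WRAP_HOST or not parts.path.startswith("/v2/url"):
        return None
    encoded = parse_qs(parts.query).get("u", [None])[0]
    if not encoded:
        return None
    # v2 writes '%XX' escapes as '-XX' and '/' as '_'; reverse both.
    return unquote(encoded.translate(str.maketrans("-_", "%/")))


def triage(url, max_depth=5):
    """Peel nested wrapping and report the chain plus any findings."""
    chain, findings = [url], []
    for _ in range(max_depth):
        inner = unwrap_v2(chain[-1])
        if inner is None:
            break
        chain.append(inner)
    final_host = (urlsplit(chain[-1]).hostname or "").lower()
    # A wrapped link that resolves to a shortener still hides its real target.
    if len(chain) > 1 and final_host in SHORTENER_HOSTS:
        findings.append("wrapped-shortener")
    # A wrapped link inside another wrapped link is unusual on its own.
    if len(chain) > 2:
        findings.append("nested-wrap")
    return {"chain": chain, "final_host": final_host, "findings": findings}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `wrapped-shortener` finding means the final destination is still unknown, so the shortener link should be resolved in a sandboxed fetcher before the message is released.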

Security mechanisms as a gateway

Cloudforce One emphasizes how cleverly the perpetrators turn existing protection systems against their intended purpose. The deception works so well precisely because it feigns trust and thus lures even cautious users into the trap.

Conclusion: vigilance despite security solutions

The findings show that technical protection mechanisms alone are not enough. Even links that appear secure deserve scrutiny. In its full report, Cloudflare provides further details and recommendations for action to better protect organizations from such attacks.

Further information:

You can find the entire report here.

(vp/Cloudflare)
