this post was submitted on 08 Aug 2023
282 points (99.6% liked)

Technology

59342 readers
5254 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
282
Phishing campaigns are using Google AMP URLs to avoid detection (www.malwarebytes.com)
submitted 1 year ago by Elephant0991@lemmy.bleh.au to c/technology@lemmy.world
11 comments fedilink hide all child comments
 

Summary

  • AMP is an open-source HTML framework that makes web content load faster on mobile devices.
  • Researchers have found a new phishing tactic that uses Google AMP to make URLs look trustworthy.
  • The tactic involves using the URL of a web page cached by the Google AMP Viewer. This URL looks similar to the original URL, but it is actually served from the google.com domain.
  • This gives the malicious website the legitimacy of the google.com domain, which can trick users into entering their personal information.
  • The researchers found that the Google AMP URLs have proven to be very successful at reaching users, even in environments protected by secure email gateways.
  • Along with using Google AMP URLs, the researchers also saw other techniques being used in phishing attacks, such as open redirects on trusted domains, chains of redirects linking the AMP URL to the malicious site, image-based phishing emails, and CAPTCHA services to disrupt automated analysis.
  • To avoid phishing attacks, it is important to not take things at face value for messages requiring urgent attention. It is also important to use a phishing-resistant password manager and a FIDO2 2FA device.
all 16 comments
sorted by: hot top controversial new old
[–] TheFunkyMonk@lemmy.world 59 points 1 year ago* (last edited 1 year ago)

Any incentive to stop supporting AMP sounds like a positive for the web to me.

[–] Vilian@lemmy.ca 46 points 1 year ago (1 children)

AMP is a lie https://searchengineland.com/the-amp-is-a-lie-278401

it just serve to give google more power, and they are using it to introduse DRM now

[–] Im28xwa@lemdro.id 1 points 1 year ago

Really informative article, thanks!

[–] chalupapocalypse@lemmy.world 15 points 1 year ago

Is there a way to block amp links on my firewall?

[–] 5in1k@lemm.ee 13 points 1 year ago

I hate amp. So annoying when it ever comes up.

[–] resketreke@kbin.social 9 points 1 year ago

Another new type of phishing I've been seeing in my junk mail uses links to Bing. Not sure what it does because, as you can understand, I haven't clicked any of those.

By the way, if you use Firefox, there's this little add-on called "Redirect AMP to HTML" that might be useful to prevent this (or maybe not, I don't know).

[–] Kallioapina@lemmy.world 7 points 1 year ago

Main reason I started using Kiwi browser on my mobile some years back (3-4?) was that it blocks AMP-sites. Ability to run many chrome extensions has been also a good plus, though interacting with some interfaces on them is sometimes difficult or downright impossible.