Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes.
The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according a Monday report by Perception Point.
The attacker crafted an unusual link using an “@” symbol in the middle. Ordinary email security filters interpreted it as a comment, but browsers interpreted it as a legitimate web domain. Thus the phishing emails successfully bypassed security, but when targets clicked on the link inside, they were directed to a fake landing page nonetheless.