Showing posts from July, 2018

Not So Safe Safelinks

Today I got a phishing email for my gatech account. It was nothing special and easy to identify as phishing. So why blog about it? Because today I decided to test out safelinks. Why not, right? It's Microsoft, and they make a habit of telling me that I should use Edge because it is safer than Chrome and Firefox.

I clicked on the safelink that was hosted on eur03.safelinks.protection.outlook.com and it opened in Edge. Wait, why did I have to hit a European safelink server, Microsoft, if I am in the USA? I don't remember authorizing you to do that, but then again, who cares about us in the US.

The safelink redirected successfully to logins.gatech.com, which is a shameless phishing site. It pulls resources from gatech.edu but has a self-hosted JS file that has the same URL path as the one in the buzzport login page. It's a clever phish and it would likely defeat most users.

So that made me mad. I put on my Cyber cape and started to dig. The IP is hosted on AWS:

Name:    login.g…