Phishing campaigns are using Google AMP URLs to avoid detection

Summary

  • AMP is an open-source HTML framework that makes web content load faster on mobile devices.
  • Researchers have found a new phishing tactic that uses Google AMP to make URLs look trustworthy.
  • The tactic involves using the URL of a web page cached by the Google AMP Viewer. This URL looks similar to the original URL, but it is actually served from the google.com domain.
  • This gives the malicious website the legitimacy of the google.com domain, which can trick users into entering their personal information.
  • The researchers found that the Google AMP URLs have proven to be very successful at reaching users, even in environments protected by secure email gateways.
  • Along with using Google AMP URLs, the researchers also saw other techniques being used in phishing attacks, such as open redirects on trusted domains, chains of redirects linking the AMP URL to the malicious site, image-based phishing emails, and CAPTCHA services to disrupt automated analysis.
  • To avoid phishing attacks, it is important to not take things at face value for messages requiring urgent attention. It is also important to use a phishing-resistant password manager and a FIDO2 2FA device.
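
An added example (not from the article or the researchers) of how a mail or proxy filter can unwrap a Google AMP Viewer link so that reputation checks run against the real destination host rather than google.com. It assumes the viewer URL shape `https://www.google.com/amp/s/<origin host>/<path>` (`/amp/` without `s/` for plain-HTTP origins); the function names, the sample URL and the blocklist entry are constructed.

```python
from urllib.parse import urlsplit, unquote

# Assumption: Google hosts serving the AMP Viewer; extend with the ccTLDs you see.
GOOGLE_HOSTS = {"google.com", "www.google.com"}

def amp_origin(url):
    """Return the origin URL wrapped in a Google AMP Viewer link, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in GOOGLE_HOSTS:
        return None
    path = unquote(parts.path)          # undo %2F-style encoding of the path
    if not path.startswith("/amp/"):
        return None
    rest, scheme = path[len("/amp/"):], "http"
    if rest.startswith("s/"):           # "s/" marks an HTTPS origin
        scheme, rest = "https", rest[2:]
    rest = rest.lstrip("/")
    if "." not in rest.split("/", 1)[0]:
        return None                     # first segment is not a hostname
    origin = f"{scheme}://{rest}"
    return origin + ("?" + parts.query if parts.query else "")

def effective_host(url, max_hops=5):
    """Unwrap (possibly nested) AMP links; return the host a filter should judge."""
    for _ in range(max_hops):
        inner = amp_origin(url)
        if inner is None:
            break
        url = inner
    return (urlsplit(url).hostname or "").lower()

def verdict(url, blocklist):
    """Check the unwrapped host, including subdomains, against a blocklist."""
    host = effective_host(url)
    blocked = any(host == d or host.endswith("." + d) for d in blocklist)
    return {"host": host, "amp_wrapped": amp_origin(url) is not None,
            "blocked": blocked}

# Constructed sample link and blocklist entry (reserved .test TLD).
SAMPLE = "https://www.google.com/amp/s/login.example-phish.test/verify?id=1"
BLOCKLIST = {"example-phish.test"}

if __name__ == "__main__":
    print(verdict(SAMPLE, BLOCKLIST))
```

A filter that only sees `www.google.com` in the sample link would pass it; after unwrapping, the same link is judged by `login.example-phish.test`.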
Kallioapina,

Main reason I started using Kiwi browser on my mobile some years back (3-4?) was that it blocks AMP sites. Ability to run many Chrome extensions has also been a good plus, though interacting with some interfaces on them is sometimes difficult or downright impossible.

5in1k,

I hate amp. So annoying when it ever comes up.

chalupapocalypse,

Is there a way to block amp links on my firewall?

Vilian,

AMP is a lie searchengineland.com/the-amp-is-a-lie-278401

It just serves to give Google more power, and they are using it to introduce DRM now.

Im28xwa,

Really informative article, thanks!

Maajmaaj,

Conspiracy theory I just created with no research whatsoever: Google came up with this exploit themselves as a false flag to gain support for WEI.

MaggiWuerze,

Ooorrrrr… AMP is just a shit piece of technology whose sole purpose is to shovel all your information into Google's gaping maw by obfuscating URLs behind an AMP link, and these phishers just took it to its logical conclusion.

In the end Google needs to be broken up, and Chrome AND Chromium each need to be their own thing like Firefox is.

Maajmaaj,

I hate AMP too, I just have a vivid imagination is all, lol.

resketreke,

Another new type of phishing I've been seeing in my junk mail uses links to Bing. Not sure what it does because, as you can understand, I haven't clicked any of those.

By the way, if you use Firefox, there's this little add-on called "Redirect AMP to HTML" that might be useful to prevent this (or maybe not, I don't know).

traveler01,

AMP is the biggest cancer ever created in the web.

Virkkunen,

There's Manifest V3 and WEI though.

In the end, Google just keeps one-upping themselves in creating a worse web for everyone but them.

traveler01,

Sorry, I’ll rephrase it.

AMP is the biggest cancer ever created in the web… yet!

SmashingSquid,

AMP is so terrible I paid for a Safari extension (Amplosion by the dev of Apollo) just to get rid of it.

TheFunkyMonk,

Any incentive to stop supporting AMP sounds like a positive for the web to me.

mino,

What’s a “phishing-resistant password manager”? lol

Also: fuck Google and AMP

Elephant0991,

PWM saves the URL with the password record. It doesn’t auto-fill username/password on a website that the user hasn’t already approved, so it provides some phishing-resistance when the URL is unknown, or is just similar to the originally saved URL.
