Phishing emails stating ‘Your email has been blacklisted’ carry extra long URLs of up to 1000 characters

• A new phishing campaign claiming that recipients’ email has been blacklisted asks for their credentials.
• This phishing campaign carries phishing links in the email body that contain almost 1000 characters.

A new phishing campaign claiming that recipients’ email has been blacklisted and asking for their credentials is going rounds. This phishing campaign carries phishing links in the email body that contain almost 1000 characters.

This phishing campaign purports to be from the email users’ mail domain's support department and states that their email has been blacklisted. The phishing email then urges users to verify their account by logging in again.

Contents of the email

This phishing campaign has subject lines like ‘<security@myonlinesecurity.co.uk> BLACKLISTED’. The body of the phishing mail stated that the recipients’ email has been blacklisted due to multiple login failures.

“Dear Info, Your email account has been BLACKLISTED under the myonlinesecurity.co.uk Mail Network server due to subsequent Verification failure on your account. Our services term will terminate its service within 24-hrs to your account of proper verification is not done. We recommend that you upgrade and verify your email account now to avoid suspension,” the email message read, BleepingComputer reported.

The phishing email also carries a link to confirm email account. Upon clicking on the link, users will be redirected to a landing page which contains a login form. The login form is customized depending on the user’s mail domain.

Extra long URLs

The link in the phishing email contains almost 1000 characters. Researchers noted that the URLs are extra long ranging between 400 to 1000 characters.

A security researcher from My Online Security, who goes under the name ‘dvk01uk’ tweeted that this phishing campaign is getting annoying with extra long URLs. He also added the screenshot of the phishing email in the Twitter post.

“These phishing scams are really getting annoying with all the ultra long urls It is getting ridiculous,” he tweeted. Another user said that he noted that a similar email with a link containing 991 characters.

The reason for using such long URLs remains unknown, however, researchers noted that this might be an effort to obfuscate the intent or to hide information in them. Nevertheless, researchers recommended email users to be cautious of such blacklisted phishing emails and requested users to always check the URLs in emails they receive.