If you’ve been on the Internet, then you’ve run into a 404 error page. According to Lifewire, “a 404 error is an HTTP status code that means that the page you were trying to reach on a website couldn’t be found on their server. To be clear, the 404 error indicates that while the server itself is reachable, the specific page showing the error is not.” The server’s there but the page isn’t.
404 error pages usually happen when you enter the web address incorrectly into the address bar in your browser or click on a “dead” link. Now, there are two really interesting aspects to error pages that make them appealing to hackers.
First, any incorrect web address you enter for a server will take you to the 404 error page. And, since there are an infinite number of ways to enter a web address incorrectly, this offers hackers the opportunity to create an infinite number of malicious links linking to the same error page. Theoretically, hackers could send out a million emails each with their own unique malicious link. That’s pretty appealing.
The other thing that makes error pages interesting to hackers is they can customize them to be anything they want. They don’t actually have to have a message saying “404 Page Not Found Error.” They can do anything they want on that page, including creating a sign in box on a fake landing page to grab your credentials. And that’s exactly what Microsoft discovered was happening just last week,
According to an article on Bleeping Computer, “Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials. The custom 404 error pages these attackers use to harvest their victims’ credentials are perfectly camouflaged as legitimate Microsoft account sign-in pages, down to the smallest details.”
There’s no way the average user will be able to identify this as a phishing scam. I don’t care how much security awareness training they’ve had. To protect yourself from schemes this intricate, you’re going to need a little help.
Allow me to introduce you to a little help: Phish Protection. The low cost, cloud-based phishing protection solution that doesn’t fall for fake 404 error pages or any other phishing tactic. Phish Protection works with all the popular email solutions, can be set up in 10 minutes and comes with all these features:
- Smart Quarantine
- Real-time link click protection
- Display name spoofing protection
- Domain name spoofing protection
- Malicious attachment blocking
- SPF, DKIM and DMARC
It’s time to stop worrying about phishing.