September 23, 2022
New Phishing Scam Uses Morse Code to Carry Out Attacks

New Phishing Scam Uses 1830s Technology to Fool the Most Modern Security Tools

Threat actors have reinvented phishing with an improvement that relies on Morse code to beat the most technologically advanced security protocols…

There’s a new phishing campaign going around the internet. This time, it’s one that uses technology of nearly one hundred-ninety years ago. The scheme begins with a spam email purportedly containing a payment invoice. Per usual, an HTML file that is designed to look like an Excel spreadsheet is attached to the message. But, it’s unusual because it hides malicious URLs behind Morse code, and therefore, can bypass secure mail gateways and mail filters.

New Phishing Scam Uses Morse Code to Carry Out Attacks

The fraudulent emails includes JavaScript entries that correlate letters and numbers to Morse code. The script then implements a decodeMorse() function to translate the Morse code into a hexadecimal string, and subsequently JavaScript tags, that are injected into the attached HTML page. This is what makes the scheme so dangerous — it can easily circumvent any security protocols.

The attached fake Excel spreadsheet prompts the potential victim to enter their Office 365 credentials. This, of course, is simply a method for attackers to steal an individual’s username and password. Once such sensitive information is obtained, hackers can take control of victims’ accounts for malicious purposes.

Owen E. Richason IV

Covers social media, apps, search, and similar news. History buff, movie, and theme park lover. Blessed dad and husband.     

View all posts by Owen E. Richason IV →