We Design With Aptitude

New Advanced Phishing Plot Detected By Microsoft

Microsoft is spreading the word about a phishing campaign that's been going on for months. It utilizes open redirector links which in the main, helps for URL shortening.

How does it work?
A redirect service is an information management system, which provides an internet link that redirects users to the desired content. The typical benefit to the user is the use of a memorable domain name and a reduction in the length of the URL or web address. A redirecting link can also be used as a permanent address for content that frequently changes hosts

Summary Of Redirector
  1. for URL shortening;
  2. to prevent broken links when web pages are moved
  3. to allow multiple domain names belonging to the same owner to refer to a single web site
  4. to guide navigation into and out of a website
  5. for privacy protection
  6. for hostile purposes such as phishing attacks or malware distribution.

As with most internet application technologies, there are cowboys and Indians in the wild(west) looking for means and ways to transgress by subterfuge and make a financial gain at someone else's expense. Most of the time, their victims are the internet's newbies and since these numbers are dwindling, they are looking at new ways to formulate a far more advanced attack that seasoned internet users can be caught in the net as well.

This scam is the next evolution of phishing scams, as many users are trained or compelled to hover over links and assess the URL before clicking on it. However, by using sneaky redirects, these scammers are able to disguise the links themselves as seemingly valid links.

Microsoft hasn't made public the number of victims who have fallen for this scam. But if they're issuing a statement about it, it's likely that a sizeable number have fallen to these nefarious scammers.

How Does This Scam Work?
Like most phishing scams, this one starts with an email. According to advice from Microsoft, this email will look fairly professional and will ask the user to click a link. At this point, more experienced users might be apprehensive and check the link for any signs of phishing. However, these links are well-crafted and may fool even the most diligent eye.

Upon clicking this link, the user will be lead to a page that, again, will look very professional, even asking for a reCAPTCHA verification. This page will then ask for the user's password.

“If the user enters their password, the page refreshes and displays an error message stating that the page timed out or the password was incorrect and that they must enter their password again.”

“Once the user enters their password a second time, the page directs to a legitimate Sophos website that claims the email message has been released. This adds another layer of false legitimacy to the phishing campaign.” – Microsoft Blog

While it's a quick process, it's all the scammers need in order to fool some people into giving away their login credentials. And with the believability of these emails, it's likely that a lot of people are falling victim to it.

How Dangerous Is This Scam ?
Like most scams, they can only spell bad things for the victims. The specifics of this scam aren't actually widely known yet, but the fact that it's harvesting users' usernames and passwords is a bad omen.
By using this information, scammers can access the victim's accounts and view/send emails. The emails they're viewing might hold even more sensitive data, like banking information or addresses.

If you think you've fallen victim to this scam or something similar, the best thing you can do to protect yourself is immediately changing your password, which will hopefully make the old password invalid. It would also pay to keep an eye on your accounts over the coming weeks to make sure no unusual activity is going on.

How to Protect Yourself Online
This scam is one of many, as phishing scams have seen a massive increase over the past couple of years. Outside of general caution and attention to detail, what can the everyday person do to avoid falling victim to such a scam?

One of the best ways to avoid such a trap is to install anti-virus software. When given access to your email account, anti-virus software can give every incoming email a quick scan and warn you of any suspicious links. In a more general online security sense, it's always a good idea to install a VPN. Using a VPN while browsing online is like wearing a mask in a public area. It will help you avoid detection, as well as any harmful third parties, like phishing scams or hackers.

Another thing you can do is use a password manager. Password managers allow you to stay on top of your various accounts and login information, meaning you won't have to rely on your memory or storing them somewhere where they might be compromised.

Back To Tech News

What We Do

Being abreast with technology is a very tasking procedure especially if you are a small enterprise. We can take the load off or make it more bearable - making sure all the tools with regards to your site for updating dynamic content, branding and bespoke marketing responsive HTML5 emails are at your finger tips. Adding new functionalities as you grow is the default.

Our Approach

We believe in utilizing the power and influence of the Internet to help clients grow their business. Building results-driven digital solutions that is leveraged on current methodology and technology. This synergy results in a platform with cutting-edge design, development, branding and marketing. However, if all the aforementioned is to be accomplished, you need people with the know-how and wherewithal to put it all together.

Why Choose US

Our strategic services provide customized, digital solutions to turn your business into an industry leader. Our team plan, design, and develop outstanding website solutions that are in tandem with current technologies. Responsive websites from a single code base. Thus, making scaling up and enhancement very flexible.

The platform called the internet, to all intents and purposes comprise of websites. These in turn, are made-up of individual pages with common hyper-links interspersed. In it default state, it is very much a visual medium. Hence, in the design of a web-page, foremost in the structure and layout construction must be the end goal - rendition in a web browser.

The interactions within a web-page interface and layouts can only be experienced as a whole not through fragmentations. That is why our design approach in creating bespoke responsive website is unique. Most agencies will present you during the initial stages of design and deliberations, with mock-ups. We do not think these processes and procedures serve any purpose because fragmentations will never provide or emulate anything close to the real thing. Here at Torometech, we use your initial brief to design an interface that will showcase all the salient features your services or products exhibit.


Work, rest and play makes for a healthy body, mind and soul. Here, we adhere to these principles to the letter

Our Numbers

We are passionate about design & developments. We also understand the imperative of a website. It is not the frills of shiny vector graphics but the combination of a well throughout plan with and objective to accomplish

Our Services

No Of Clients



Lines Of Code