Log Phising Attack

n an error log or HTTP log phising attack, a deliberately bad request is generated with a fake referer string.

The hope is that the referer string will be displayed in your cool web-based log aggregation and monitoring service as a hyperlink – tempting operations teams to click on the link as it might explain the issue. The link of course will lead to trouble.

Exception type: MyCustomException
AbsoluteUri: http://www.example.com/
Referer: <a href="http://phishing-site-address.com/">Windows FAQ</a>

If you are using a good monitoring service, they won’t display this input as a hyperlink – but beware of visiting pages that appear in your HTTP logs or event logs like this.