New Phishing Technique Targets Users via Basic Auth URLs
gbhackers
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to visually impersonate the bank and deceive customers.
This discovery prompted a broader review of phishing activity that still relies on this old but effective technique, exposing how threat actors can reuse deprecated web standards to bypass casual inspection.
Basic Authentication is a decades-old method for passing credentials in a URL using the format hxxps://username:password@domain.com.
Originally intended for simple access control on early web servers, it is rarely used today because embedding credentials in URLs exposes them in browser history, logs, and referer headers. Nonetheless, modern browsers continue to support this syntax, enabling attackers to exploit it for visual deception.
In phishing scenarios, the attacker places a trusted domain name in the “username” portion of the URL, immediately ...
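As an added example (not part of the original story or of Netcraft's tooling), the following check shows how a mail or proxy filter could separate the host a browser will actually contact from the userinfo portion, and flag links whose userinfo contains a domain-like token. The function name, the regular expression and the sample URLs (all on the reserved .example TLD) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Heuristic: any dotted, hostname-shaped token (label.label...tld).
DOMAIN_TOKEN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)

def inspect_url(url):
    """Report the real destination host and any hostname-like text
    hidden in the userinfo (the part before the last '@')."""
    # Re-fang defanged schemes such as hxxps:// so the parser accepts them.
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    # Browsers treat everything before the LAST '@' in the authority as userinfo.
    userinfo, at, _ = parts.netloc.rpartition("@")
    # Decode percent-escapes so an encoded "/" or "." cannot hide a lookalike.
    userinfo = unquote(userinfo)
    lookalikes = [d.lower() for d in DOMAIN_TOKEN.findall(userinfo)]
    lookalikes = [d for d in lookalikes if d != real_host]
    return {
        "real_host": real_host,         # where the request is really sent
        "has_userinfo": bool(at),       # Basic Auth URL syntax present at all
        "lookalikes": lookalikes,       # domain-shaped strings in the userinfo
        "suspicious": bool(lookalikes),
    }

# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://trusted-bank.example:login@phish.example/path",
    "https://trusted-bank.example%2Flogin@phish.example/",
    "hxxps://username:password@domain.com",
    "https://trusted-bank.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_url(sample))
```

Because the match is a heuristic, a legitimate password that happens to contain a dotted token will also be flagged; treating any userinfo in a clicked link as worth review is the stricter policy.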
Copyright of this story solely belongs to gbhackers.