Microsoft warned about a new phishing campaign that uses “redirector” links, and it even includes a captcha to instill trust to steal your login credentials. Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, wrote up a “deep dive” blog entry today that helps you understand how redirection attacks work and what extra precautions you need to take if you encounter these kinds of phishing links. Should you trust a link by simply hovering over it? The answer is usually no. As Roger points out, "Knowing how to spot the difference between microsoft[dot]com and microsoft[dot]com.biztalk[dot]ru can save you a lot of misery and wasted hours. It’s still good practice to hover over the URL as a starting point to make sure it’s legit. Usually, there’s simply not enough information in the URL and many more red flags to check. Read Roger’s KnowBe4 blog article When the URL Domain Is Not Enough To Avoid a Phish) and discuss it here.