Researchers at PhishLabs recently spotted a trend emerging in malicious web sites presented to customers: mobile-focused phishing attacks that attempt to conceal the true domain they were served from, by padding the subdomain address with enough hyphens to push the actual source of the page outside the address box on mobile browsers.

“The tactic we’re seeing is a tactic for phishing specifically mobile devices,” said Crane Hassold,  a senior security threat researcher at PhishLabs’ Research, Analysis, and Intelligence Division (RAID).

Hassold called the tactic “URL padding,” the front-loading of the web address of a malicious web page with the address of a legitimate website. The tactic, he said, is part of a broad credential-stealing campaign that targets sites that use an e-mail address and password for authentication; PhishingLabs reports that there has been a 20 percent increase overall in phishing attacks during the first quarter of 2017 over the last three months of 2016. The credentials are likely being used in other attacks based on password reuse.