The offer in your email inbox from “amozon.com”? Most people probably know not to click on that. (If there are people in your organization who don’t, forward them this blog post on identifying suspicious URLs.)

The latest tactic used by email phishing attackers doesn’t involve changing letters of the URL. In fact, it doesn’t change anything in the URL at all. This attack changes the symbols used in the prefix that goes before the URL.

The GreatHorn Threat Intelligence Team has identified a new email attack trend, where cybercriminals are able to bypass traditional URL defenses to attack end users. The URLs are malformed, not utilizing the normal URL protocols, such as http:// or https://. Instead, they use http:/\ in their URL prefix.
[...]

https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/