Phishing hack that mirrors Google login site—minus the URL

Phishing attempts reported on last month use a mirror image of Google-domain login pages—familiar logos and CAPTCHAs included. There’s one glaring characteristic in an otherwise twin-like version of the site, however: a weird-looking URL.

The “bit-for-bit” impersonation—shown in a blog post from the cloud-based email security provider Avanan—is a reminder for everybody to hit the half-speed button and slow down a bit to spot irregularities that indicate an attack.

Hovering over links—an important countermeasure,—will reveal a less-reliable-sounding URL than the expected login address. The phishy URLs contain phrases like “boiling-fortress” or “spidervella,” instead of, say, “google.”

The hack:

  • The user is emailed an “action required” notification of an expired password.
  • They click the link and see a familiar login page, which the hackers are dynamically mirroring. (“A lot of phishing campaigns will falter because they look silly, or there’s tons of spelling errors, or something’s off, and it’s just really noticeable. This one looks exactly like your real site,” Jeremy Fuchs, Avanan cybersecurity researcher and analyst, told IT Brew.)
  • The user’s email address is even pre-populated in the login form.

While the “boiling-fortress” or “spidervella” aspects of the URL do sound a bit silly, or at least like a band-name idea, not everyone looks at the address, said Fuchs, especially people in a hurry.

The attack is reminiscent of tactics deployed in late 2020 by the group SPAM-EGY—an advanced persistent threat (APT) group that used dynamically updated, realistic-looking Microsoft 365 logins to target higher-education users.

Phishing still works. A 2022 Incident Response Report from the cybersecurity company Palo Alto Networks found that phishing was one of three vectors responsible for over 77% of the team’s intrusion investigations—along with brute-force credential attacks and exploitation of software vulnerabilities.

While a copycat site could lead a company to potentially take legal action, the landing pages often disappear as quickly as they launch.

“These are typically up and down so quickly, and they happen at such volume, that it’s pretty rare for organizations to even have the opportunity to reach out, go to a registrar for a takedown, or anything like that,” Jen Miller-Osborn, deputy director of threat intelligence for Unit 42 at Palo Alto Networks, said.

For an agile attack that Fuchs called “one of the more effective campaigns we’ve seen” in his Avanan blog post, an essential strategy, beyond link-hovering, is to take a breath.

“It’s really all about slowing down,” said Fuchs. “We’re all moving so fast, that we don’t look at the things that are right in front of us, telling us that we shouldn’t click on it.”

Hot this week

The Hidden Dangers of Over Reliance on Security Tools

Adding more security tools can increase complexity and blind spots instead of improving protection, so focus on integration and training over new purchases.

How Poor MFA Setup Increases Your Attack Surface

Multi-factor authentication is essential for security, but flawed implementation can expose your organization to greater risks than having no MFA at all. Learn how to properly configure MFA to avoid common pitfalls and strengthen your defenses.

The Blind Spots in Your Vulnerability Management Program

Automated vulnerability scanning often creates dangerous blind spots by missing nuanced threats that require human analysis, leading to false confidence in security postures.

Multi Factor Authentication Myths That Put Your Data at Risk

Multi-factor authentication creates a false sense of security when implemented without understanding its vulnerabilities, particularly in global contexts where method choices matter more than checkbox compliance.

The Overlooked Flaws in Multi Factor Authentication

Multi factor authentication is often presented as a security panacea, but hidden flaws and implementation gaps can leave organizations vulnerable despite compliance checkboxes.

Topics

The Hidden Dangers of Over Reliance on Security Tools

Adding more security tools can increase complexity and blind spots instead of improving protection, so focus on integration and training over new purchases.

How Poor MFA Setup Increases Your Attack Surface

Multi-factor authentication is essential for security, but flawed implementation can expose your organization to greater risks than having no MFA at all. Learn how to properly configure MFA to avoid common pitfalls and strengthen your defenses.

The Blind Spots in Your Vulnerability Management Program

Automated vulnerability scanning often creates dangerous blind spots by missing nuanced threats that require human analysis, leading to false confidence in security postures.

Multi Factor Authentication Myths That Put Your Data at Risk

Multi-factor authentication creates a false sense of security when implemented without understanding its vulnerabilities, particularly in global contexts where method choices matter more than checkbox compliance.

The Overlooked Flaws in Multi Factor Authentication

Multi factor authentication is often presented as a security panacea, but hidden flaws and implementation gaps can leave organizations vulnerable despite compliance checkboxes.

The Hidden Costs of Security Compliance

Compliance frameworks often create security blind spots by prioritizing checkbox exercises over real threat mitigation, leading to breaches despite passing audits.

The Illusion of AI in Cybersecurity

AI security tools often create alert fatigue instead of protection, but focusing on human oversight and measured deployment can turn them into effective assets.

The Overlooked Risk of Shadow IT

Shadow IT poses a greater risk than many external threats by bypassing security controls, and managing it effectively requires understanding employee needs rather than simply blocking unauthorized tools.
spot_img

Related Articles

Popular Categories