Thursday, November 21, 2024

Tech News, analysis, updates, comments, reviews

Phishing hack that mirrors Google login site—minus the URL

It ‘looks exactly like your real site,’ says researcher Jeremy Fuchs.

Phishing attempts reported on last month use a mirror image of Google-domain login pages—familiar logos and CAPTCHAs included. There’s one glaring characteristic in an otherwise twin-like version of the site, however: a weird-looking URL.

The “bit-for-bit” impersonation—shown in a blog post from the cloud-based email security provider Avanan—is a reminder for everybody to hit the half-speed button and slow down a bit to spot irregularities that indicate an attack.

Hovering over links—an important countermeasure,—will reveal a less-reliable-sounding URL than the expected login address. The phishy URLs contain phrases like “boiling-fortress” or “spidervella,” instead of, say, “google.”

The hack:

  • The user is emailed an “action required” notification of an expired password.
  • They click the link and see a familiar login page, which the hackers are dynamically mirroring. (“A lot of phishing campaigns will falter because they look silly, or there’s tons of spelling errors, or something’s off, and it’s just really noticeable. This one looks exactly like your real site,” Jeremy Fuchs, Avanan cybersecurity researcher and analyst, told IT Brew.)
  • The user’s email address is even pre-populated in the login form.

While the “boiling-fortress” or “spidervella” aspects of the URL do sound a bit silly, or at least like a band-name idea, not everyone looks at the address, said Fuchs, especially people in a hurry.

The attack is reminiscent of tactics deployed in late 2020 by the group SPAM-EGY—an advanced persistent threat (APT) group that used dynamically updated, realistic-looking Microsoft 365 logins to target higher-education users.

Phishing still works. A 2022 Incident Response Report from the cybersecurity company Palo Alto Networks found that phishing was one of three vectors responsible for over 77% of the team’s intrusion investigations—along with brute-force credential attacks and exploitation of software vulnerabilities.

While a copycat site could lead a company to potentially take legal action, the landing pages often disappear as quickly as they launch.

“These are typically up and down so quickly, and they happen at such volume, that it’s pretty rare for organizations to even have the opportunity to reach out, go to a registrar for a takedown, or anything like that,” Jen Miller-Osborn, deputy director of threat intelligence for Unit 42 at Palo Alto Networks, said.

For an agile attack that Fuchs called “one of the more effective campaigns we’ve seen” in his Avanan blog post, an essential strategy, beyond link-hovering, is to take a breath.

“It’s really all about slowing down,” said Fuchs. “We’re all moving so fast, that we don’t look at the things that are right in front of us, telling us that we shouldn’t click on it.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

The Tor Project + Tails, A Game-Changing Merger for Privacy Advocates

In a significant development for digital privacy enthusiasts, the Tor Project and Tails have merged their operations, uniting two of the most trusted tools in the fight against online surveillance. This merger, announced this month, combines the power of...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.