- By using traffic generators, phishers ensure that the redirector page is the top search result for certain keywords or for very specific terms so as to guide users to the actual phishing page.
- Users can avoid common phishing pages by closely inspecting the page's URL.
The year 2019 saw a rise in phishing activity reaching new levels of creativity and sophistication. According to Microsoft, phishing attempts grew from under 0.2 percent of all emails analyzed worldwide in January 2018, to around 0.6 percent in October 2019.
Meanwhile, the Redmond-based tech giant also noted that the number of ransomware, crypto-mining, and other malware infections has gone down compared with previous records. The company has published a blog post in which it reviewed three of the more clever phishing attacks it observed and traced this year.
Hijacking search results
It is a multi-layered malware operation through which criminals poison Google search results to lure users to phishing pages.
- Phishers manipulate legitimate URLs through harmless-looking redirectors to compromised websites, which leads to phishing.
- They also move hijacked web traffic to websites they control.
- By using traffic generators, phishers ensure that the redirector page is the top search result for certain keywords or for very specific terms.
- Phishers would then send emails to victims linking the Google search result for that specific term.
- If those links are clicked, unaware victims land on an attacker-controlled website, which then redirects the user to a phishing page.
- Such campaigns are made even stealthier by the use of location-specific search results, Microsoft revealed.
Customized 404 error pages
All internet users are well aware of the 404 Not Found page; it tells you that you’ve hit a broken or dead link. But that may not be the case every time, as phishers abuse 404 pages to serve phishing sites.
- Instead of including a link to the phishing URL, attackers include links that point to non-existent pages, i.e., 404 error pages.
- When Microsoft's security systems scan such a link, they receive a 404 error because the linked page doesn't exist, and Microsoft would view the link as safe.
- However, when a real user follows the link, the phishing site would detect this and redirect the user to an actual phishing page instead of the server's standard 404 error page.
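As an added illustration (not code from Microsoft or from the original article), the sketch below contrasts a link check that trusts the 404 status with one that also reads the response body. The function names, the marker list and the sample HTML are assumptions constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample bodies (not captured traffic).
STOCK_404 = ("<html><head><title>404 Not Found</title></head><body>"
             "<h1>Not Found</h1><p>The requested URL was not found.</p></body></html>")
CUSTOM_404 = ("<html><body><form action='/next' method='post'>"
              "<input type='email' name='user'>"
              "<input type='password' name='pass'>"
              "<button>Sign in</button></form></body></html>")


class ErrorPageMarkers(HTMLParser):
    """Counts elements a stock error page has no reason to contain."""

    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.forms = 0
        self.meta_refresh = False

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "").lower() for name, value in attrs}
        if tag == "form":
            self.forms += 1
        elif tag == "input" and attr.get("type") == "password":
            self.password_fields += 1
        elif tag == "meta" and attr.get("http-equiv") == "refresh":
            self.meta_refresh = True


def naive_verdict(status, body):
    """Weak check: a 404 is taken as a dead link and the body is never read."""
    return "safe" if status == 404 else "inspect"


def hardened_verdict(status, body):
    """A 404 only counts as a dead link if its body also looks like one."""
    if status != 404:
        return "inspect", []  # hand off to the normal content analysis
    markers = ErrorPageMarkers()
    markers.feed(body)
    reasons = []
    if markers.password_fields:
        reasons.append("password field on 404 page")
    if markers.forms:
        reasons.append("form on 404 page")
    if markers.meta_refresh:
        reasons.append("meta refresh on 404 page")
    return ("suspicious", reasons) if reasons else ("safe", [])
```

This only covers the case where the 404 response itself carries sign-in markup; a site that serves scanners a different body than it serves users needs a separate check.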
Man-in-the-middle phishing tactics
“Instead of attackers copying elements from the spoofed legitimate website, a man-in-the-middle component captured company-specific information like logos, banners, text, and background images from Microsoft’s rendering site,” the blog read.
- Here, phishers send their targets emails containing URLs that point to an attacker-controlled server.
- This server is the man-in-the-middle component that simulates Microsoft sign-in pages.
- The server would first verify certain specific information based on the recipient’s email address, including the target company, and then gather information specific to that company.
- It was found that the phishing page was similar to the legitimate sign-in page, which significantly reduced suspicion.
- The MitM-based technique isn't very popular though, as the phishing site's URL is clearly shown in the address bar. Users can easily avoid disasters by closely inspecting the page's URL to avoid such scams.
Phishing continues to remain a top attack vector for cybercriminals. Individuals and organizations need to be cognizant of clever phishing techniques to avoid becoming victims of identity theft, scams, and frauds.