Credential Harvesting via Spoofing Actual Landing Pages: Avanan suggests protective measures


By VARINDIA - 2022-08-08
By Manish Alshi, Head of Channels and Growth Technologies - India & SAARC, Check Point Software Technologies

 

Trust is a rare commodity in the world of cyberscams, which we are seeing across the world, including here in India. It has been reported that an organization in India was attacked on average 1789 times per week in the last 6 months, compared to 1643 attacks per organization in APAC. Unfortunately, 89% of the malicious files in India were delivered via email in the last 30 days.

 

Scammers and hackers share the same modus operandi. The hacker has two tasks: get into the inbox, and get the user to hand over the desired information.

 

Hackers spend tons of time thinking of creative ways to do both. The attack has to be crafted to not only fool security services, but also end-users. Fool the machine, fool the person and you’re golden!

 

We see tons of interesting ways of doing this. In this attack brief, I’ll explore one of the most unique and creative ways of getting users to hand over their information. How do they do it? By dynamically mirroring an organization’s login page. I’ll share how threat actors are creating mirror images of an organization’s landing page to fool users into handing over their credentials.


Attack

In this attack, hackers are able to mirror an organization’s traditional login page to get users to type in their credentials.

 

· Vector: Email

· Type: Credential Harvesting

· Techniques: Impersonation

· Target: Any end-user

 

Email

In this attack, threat actors are dynamically mirroring an organization’s login page to convince users to hand over credentials.

 

Email Example #1

The user is presented with a typical-looking password expiration reminder email. The link, as you see, does not go to a Google or company URL.

 

From there, the user is asked to fill out a reCAPTCHA form, adding a veneer of legitimacy.

Here’s where it gets interesting. Though the URL is completely unrelated to the company website, the page looks exactly like the real deal. In fact, it’s a bit-for-bit mirror of the actual company site. The end-user will have their email address pre-populated and see their traditional login page and background, making it incredibly convincing.

 

Techniques

 

Avanan has written extensively about a group called SPAM-EGY and has also published an informative webinar. Basically, they are a “Phishing as a Service” subscription group that guarantees:

 

· The ability to reach the inbox using ever-changing obfuscation methods.

· Re-direction to a phishing page that appears to be the second page of the Microsoft 365 login with a pre-populated email address.

· Dynamically-rendered landing page that changes the logo and background to match the domain of the email address.

· The landing page will either request the email twice as validation or, optionally, attempt to use the credentials in real-time in order to verify the password.

· If the password is good, the user will be directed to a real document or to the Office.com home page.

· Once the user has entered their credentials, a cookie in the browser will render the phishing page 'unreachable', frustrating any further analysis.

 

This attack follows all those trademarks. However, what’s different is that it targets Google domains. This represents an evolution of this type of attack.

 

It is incredibly clever since it matches the login page that the end-user is accustomed to seeing. It adds a Google reCAPTCHA form to boost legitimacy.

 

A clever end-user will see that the URLs don’t match. However, everything else does. In the arms race to fool users, this is one of the more effective campaigns we’ve seen.

 


Best Practices: Guidance and Recommendations

 

To guard against these attacks, security professionals can do the following:

· Always hover over any link to see the destination URL before clicking on it

· Encourage end-users to ask IT if the email is legitimate or not

· Implement multi-tiered security that looks at a number of different indicators to determine if an email is malicious
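The hover check and the multiple-indicator approach above can be automated; the following is an added example, not code from Avanan, Check Point or the original article. The trusted-domain list, the lure pattern and the idea that the pre-populated address travels inside the link are assumptions, and the sample message is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumed for this example: domains the organization really signs in on.
TRUSTED_SUFFIXES = ("example.com", "google.com")
# Assumed lure pattern: "password" followed shortly by "expire/expiration".
LURE = re.compile(r"password\b.{0,40}\bexpir", re.I | re.S)

# Constructed sample message; every host and address here is made up.
SAMPLE = """<p>Your password is set to expire today.</p>
<a href="https://login.portal-check.example.net/r?u=priya%40example.com">Keep password</a>
<a href="https://accounts.google.com/">Google sign-in</a>"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def review_links(html_body, recipient):
    """Return [(url, [reasons])] for web links that leave the trusted domains."""
    collector = LinkCollector()
    collector.feed(html_body)
    lure = bool(LURE.search(re.sub(r"<[^>]+>", " ", html_body)))
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or is_trusted(parts.hostname):
            continue
        reasons = ["destination host is not a trusted sign-in domain"]
        if lure:
            reasons.append("body contains a password-expiry lure")
        if recipient.lower() in unquote(href).lower():
            reasons.append("recipient address is embedded in the link")
        findings.append((href, reasons))
    return findings
```

Calling `review_links(SAMPLE, "priya@example.com")` flags only the first link, with all three reasons. Matching on the host suffix rather than a substring keeps a look-alike such as `google.com.evil.example.net` from passing as trusted.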

 

Hackers will always be on the lookout for unsuspecting online users. Paying attention to the sites you are using and being wary of emails from unknown or unexpected sources will go a long way toward making the difference between calm and harm.


Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.


Copyright varindia.com @1999-2024 - All rights reserved.