Cybersecurity experts just revealed yet another way criminals are trying to deceive your users.
The culprit?
A sneakier phishing attack that has been hard to detect.
You see, this phishing attack uses a new technique to hide the malicious code on the page to where a link in an email takes a user. This attack has led to numerous thieves stealing user credentials from all sorts of secure organizations ranging the gamut from banks to hospitals.
This attack evades detection using a never-seen-before trick that leverages a customized font to cover up any sign that it a malicious attack.
Recent research discoverers new credential-harvesting malicious phishing attack
Cybersecurity researchers recently revealed a new phishing scheme that maliciously harvests user credentials. Once the victim (your user!) clicks on a link from a phishing email, it takes them to a landing page that looks similar to the login they were expecting from the link. This could be to a bank account login page, an EHR login, webmail versions of outlook, or other web-based portal login.
What the attack is focused on doing? Stealing your user’s credentials. Plain and simple, hackers and criminals have devised a relatively easy-to-deploy scheme that is bent on stealing credentials.
What the researchers also found?
Once a criminal was able to steal credentials from a user logging into a deceptively similar web page to one the normally would log into, that criminal would then develop (through use of artificial intelligence and a lot of math) a list of other passwords that user might have for other work and personal accounts.
The initial landing page that seemed harmless enough could be the way one or many of your users open the door to attacks on your business’ network.
Even more interested is how the malicious attack is hidden
What’s even more interesting about these recent attacks is that the source code—the malicious code embedded in the linked website—was found encoded as display text.
For potential victims looking at the page, a browser will render the malicious code as plain text, which makes it extremely hard for current malicious web detections from seeing the page as a malicious site.
The additional trick criminals are using to get users into trusting their pages?
It’s actually quite easy. They are stealing the branding from legitimate pages—like bank pages and Outlook to make the login look as close to the actual as they can. Criminals are actually buying kits online that are able to nearly mirror whatever site they want a page to look like—logos and all—to closely impersonate a brand.
What should your users do?
Understand how to recognize a scam in the first place. Scam emails will not look exactly like legitimate ones. The problem is we often have dozens, if not hundreds of emails in our mailbox. Taking the time to figure out a scam may seem tedious, but it is a sure fire way to keep your users sticking to behaviors that ultimately will keep them safer.
If you have any questions or concerns, please feel free to reach out to one of our security experts.
