Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

08:30 AM
Joan Goodchild
Joan Goodchild
Edge Features

Phishers' Latest Tricks for Reeling in New Victims

Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.

Image Source: Akamai
Image Source: Akamai

1. Geolocking and Geotargeted Attacks
Geolocking involves targeting victims in one geographical location for efficiency, according to Ragan.

"You'll see this with retail and financial phishing," he says, referring to one campaign his team is monitoring. "Currently a text-based phishing campaign targeting the financial sector is only allowing traffic from mobile networks and is blocking direct access via desktop browsers or crawlers."

Another newer tactic includes campaigns that abuse brands and target highly focused geographic areas, says Or Katz, principal security researcher at Akamai. The research team recently spotted a phishing attack campaign targeting people planning their summer vacation in specific regions. The criminals behind these attacks used the names of several popular amusements parks. They employed a phishing tool kit named "Three Question Quiz" and included at least 17 brands and more than 30 phishing websites, targeting amusements parks located in the US, Europe, Asia, and Australia.

Based on evidence collected from one of the UK brands impacted by the phishing attacks, Akamai noted the campaign was mainly targeting victims in the first two weeks of June – a busy time when people plan summer vacations.

2. Advanced Evasion Techniques
Phishing kits have evolved, according to Ragan, "to the point where evasion techniques are almost the central focus rather than the actual theme of the kit. Once the anti-bot and obfuscation techniques are in place, then the developer or team will select a target and develop the website as a near-perfect clone."

In addition to the aforementioned geolocking example, other evasion strategies include network-level blocking, obfuscation of text and images, keyword filtering, and self-hosted storage, where harvested credentials are stored locally instead of emailed to the criminal.

Elad Schulman, CEO of Segasec, notes his researchers have seen more advanced cloaking techniques than observed in the past.

"Hackers filter users by geolocation, user agents, and other parameters so that when a hosting provider tries to see the content of a fraudulent site, what they see instead looks completely legitimate, fooling them to believe there is nothing problematic there," he says.

3. Dynamic, Realistic Sites
As Schulman and Ragan note, phishing criminals have become extremely adept at creating sites that look nearly identical to authentic sites. In many instances, scammers are using dynamic attacks that look, feel, and behave like the original websites, Schulman says.

"For example, users can login to a website that looks like it is representing their bank account, see their account and even the right balance, and get scammed," he explains. "This type of scam is based on man-in-the-middle attacks, which completely and dynamically mirror the original site while bypassing even the multifactor authentication mechanisms."

4. Using Social Media
Most people have received a phishing attempt on social media by now. You know how it goes: A message appears in your inbox from a connection that says, "Is this you?" accompanied by a link. These kinds of attacks have ramped up, Katz says.

"Phishers have increasingly turned to social networks as a distribution channel," he says. "This tactic gives the attackers the ability to propagate rapidly and at the same time evade traditional security controls, such as email gateways."

5. Mobile Attacks
Phishing attacks that target mobile devices are also not new, but what is different is how much more common they have become, according to James Plouffe, a strategic technologist at MobileIron.

"Phones are extra susceptible to phishing attacks because of the way they are designed," he says. "For example, applications are becoming an attractive way in because they have the data and the permissions that give access to a user's microphones, cameras, and credit card information."

As the workplace continues its shift to mobile, Plouffe says his team anticipates more of these types of attacks – and criminals will be looking for details on company acquisitions, intellectual property, and revenue numbers.

{Continued on Next Page}

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
2 of 3

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/6/2020 | 4:49:00 AM
Good article
I Just wanted to say thank you for explaining all of this so well.
Name That Edge Toon: In Tow
Flash Poll