It seems like attackers and their phishing emails are always one step ahead of us, and staying secure is a challenge for any business these days.
Here are a few red flags to watch out for:
Microsoft’s Office 365 Threat Research Team explains three significant phishing techniques they’ve noticed in 2019.
First off, hackers are using hijacked search results to redirect users to malicious sites. Here’s how it works: Attackers use a traffic generator to artificially push a bait website to the top of Google search results for specific keywords. When a user clicks on the harmless-looking bait website, they are redirected to a phishing site or a malware download. This allows the bad actors to send phishing emails containing links that look benign, in order to bypass email security filters.
The second scam involves using custom 404 pages as phishing sites. Phishing campaigns are much more efficient when attackers have an easy way to move their phishing page to a different URL, because security technologies are constantly flagging and taking down malicious URLs. By using a URL for a non-existent page on the phishing domain, attackers can use an unlimited number of URLs in their phishing campaigns. When a user clicks on one of these URLs, they are automatically redirected to the domain’s 404 Not Found page. These pages can be customized just like a normal webpage, so the attackers designed them to look like sign-in pages in order to steal credentials.
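The custom-404 trick leaves a simple fingerprint a defender can check for: the server answers 404 Not Found, yet the "error" page asks for a password. The following is an added example (not code from the original post or from Microsoft) that triages an already-fetched response on that basis; the function names are made up for illustration and the sample HTML is constructed, so it runs offline with no network access.

```python
from html.parser import HTMLParser


class _FormScanner(HTMLParser):
    """Collects the input types and form targets found in an HTML body."""

    def __init__(self):
        super().__init__()
        self.input_types = []
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attrs arrives as a list of (name, value) pairs
        if tag == "input":
            self.input_types.append((a.get("type") or "text").lower())
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")


def has_credential_form(html: str) -> bool:
    """True if the page carries a form with a password field."""
    scanner = _FormScanner()
    scanner.feed(html)
    return "password" in scanner.input_types


def triage(status: int, html: str) -> str:
    """Classify a fetched page by HTTP status and body content.

    A 404 response that still renders a sign-in form is the pattern
    described above: the path does not exist, but the not-found page
    harvests credentials, so every path on that host is a usable lure.
    """
    cred = has_credential_form(html)
    if status == 404 and cred:
        return "suspicious: credential form served as 404 page"
    if status == 404:
        return "benign: ordinary not-found page"
    if cred:
        return "review: login form present, check domain and certificate"
    return "benign"


# Constructed sample bodies, not captured from any real site.
SAMPLE_404_PHISH = """<html><body><h2>Sign in</h2>
<form action="/post.php" method="post">
<input type="email" name="user"><input type="password" name="pw">
<input type="submit" value="Next"></form></body></html>"""
SAMPLE_404_PLAIN = "<html><body><h1>404 Not Found</h1></body></html>"
```

In practice the status code and body would come from a URL sandbox or link-rewriting proxy; the status matters because a 200 login page on a known-good domain is normal, while a password form on a 404 is not.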
A third phishing tactic abused Microsoft’s secure rendering site to automatically generate a duplicate of the targeted company’s Microsoft login page. The researchers explain that this allowed the attackers to create targeted phishing sites for each recipient with minimal effort.
“Phishers sent out emails with URLs pointing to an attacker-controlled server, which served as the man-in-the-middle component and simulated Microsoft sign-in pages,” the researchers write. “The server identified certain specific information based on the recipient’s email address, including the target company, and then gathered the information specific to that company. The result was the exact same experience as the legitimate sign-in page, which could significantly reduce suspicion. Using the same URL, the phishing site was rendered differently for different targeted users.”
Attackers will continue finding creative and sneaky ways to increase the efficiency of their scams. Security technologies for the most part react to new attack techniques, and attackers know this. The best way to protect your business is through employee security training.
Contact DarkHound SecOps and we can train your staff to spot those red flag phishing emails and keep your business safe.
Image Source: https://www.pexels.com/photo/red-yellow-and-black-bouy-on-body-of-water-during-daytime-190294/
Source: Microsoft’s Office 365 Threat Research Team