By Paul Miguel Babon
Email threats continued to increase in the time of the pandemic, and the number of phishing URLs rose along with it. Our 2020 mid-year observation on phishing and email threats continue to be true as we close out the year.
During our recent tracking efforts, we observed a phishing technique that involves a combination of phishing email and scam pages. This combination comprises an exact URL being the phishing page, and its domain being a scam website.
The process starts after a phishing email arrives:
From this email, clicking on the “Release All/Block All” button would direct the user to hxxps://wiseinvestors[.pro]/mail/mail.php?log=, a completely different website unrelated to the email. The content of this link displays a fake login form for an email system:
The preceding screenshots show common practices for most phishing schemes. However, what is notably different from this URL is that the domain itself is also accessible. Accessing the domain hxxps://wiseinvestors[.]pro displays a company page:
We determined that this is a fake company based on the following factors:
Cybercriminals using this phishing technique are able to avoid real-time detection as the domain needs further scrutiny, which anti-spam and malicious URL-blocking capabilities of common security software can miss. Even if the phishing mail is thwarted, the phishing domain remains undetected, allowing cybercriminals to create more phishing URLs hosted on the domain.
We have seen other examples of this combined phishing-and-scam technique in recent months. Below are some examples:
Users can avoid such attacks by following a few best practices before clicking on a link in any email:
For organizations, following security best practices will help minimize the success of similar phishing campaigns. Stopping threats from their initial entry prevents losses. Below are some general security practices to implement:
A multilayered security approach is advised to protect all possible threat entry points. Solutions such as Trend Micro™ Email Security , which uses enhanced machine learning and dynamic sandbox analysis, can stop email threats. Phish Insight provides the most effective phishing simulations and cybersecurity awareness training modules on the market. Powered by Trend Micro, the Phish Insight team creates a simulation template library based on billions of real phishing samples as well as a fully automated and staggered delivery system that makes the simulation emails even more convincing. Not only integrating the best and the most prevalent training modules from around the world, Phish Insight also allows users to customize their own training programs. Phish Insight enhances information security awareness for organizations by empowering people to recognize and protect themselves against the latest cyber threats.
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets. View the report
The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape. View the 2020 Annual Cybersecurity Report
By Paul Miguel Babon