Credential phishing kits target victims differently depending on location

There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky.

Instead of determining what malware to deploy, this kit determined what personal information to collect from its victims. Because the United States was the first in online banking, phishers originally began targeting United States residents. As online banking becomes more prevalent around the world, targeting victims on a global landscape requires more customization of phishing scams and techniques to match local expectations.

Phishing in the wild: A deeper look

In October 2017, PhishMe Intelligence observed a phishing campaign that spoofed a PayPal login page. The email falsely informed the recipient of an account limitation and instructed the recipient to follow “3 easy steps” to remove the limitation. The kit also used AES encryption to encrypt the source code of the phishing page, which prevents crawlers and static scanners from viewing the source code. This presents a stealthy technique in evading detection by browsers and poses a major security risk for phishing victims.

Breaking down the details

When victims click the “Review Your Information” button, they are first required to enter the email address associated with the PayPal account, followed by the password. This information is submitted to the threat actors via email.

Because the source code of the landing page is encrypted, it becomes difficult to investigate how the kit functions and where stolen information goes once it is entered. This helps the phish to evade detection by traffic-inspecting boundary devices, such as next-generation firewalls and anti-virus solutions.

To read the original article:

https://www.helpnetsecurity.com/2018/02/08/credential-phishing-kits/

 

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *