Study Shows Increase in Credential Theft Through Spoofed Login Pages

IRONSCALES new research showed a substantial spike in credential theft utilizing spoofed websites. In the first half of 2020, the researchers discovered and reviewed bogus login pages that cloned big brand names. They found around 50,000 fake login pages with close to 200 spoofed brand names.

The login pages are included in compromised sites and many attacker-controlled domains and closely mimic the legitimate login pages the brand names used. On particular occasions, the attacker embeds the counterfeit login inside the email communication.

The email communications used to direct unsuspecting people to the fake login pages make use of social engineering techniques to persuade recipients to reveal their usernames and passwords. After harvesting those data, the attacker utilizes it to log in to the legitimate accounts for various nefarious uses for example counterfeit wire transfers, credit card fraud, data theft, identity theft, etcetera.

IRONSCALES researchers found out that the brand names having a lot of fake login pages closely mimicked the companies having a lot of live phishing websites. Paypal had the biggest number (11,000) of counterfeit login pages. Microsoft is next with 9,500. Facebook, eBay, and Amazon have 7,500, 3,000, and 1,500 fake login pages, respectively..

Although PayPal is number one on the record of spoofed brands, fake Microsoft login pages pose a major risk to businesses. In case attackers steal Office 365 credentials, they could use the details to obtain access to business Office 365 email accounts that might contain various highly sensitive data and, even a substantial volume of protected health information (PHI) in case accessing healthcare firms.

These brands were likewise often impersonated: Alibaba, Adobe, AT&T, Aetna Apple, DocuSign, Bank of America, Delta Air Lines, Netflix, JP Morgan Chase, LinkedIn, Wells Fargo, Squarespace, and Visa.

The most frequent email recipients in these fraudulent campaigns include persons employed in the financial companies, healthcare and technology markets, and government organizations.

Approximately 5% of the bogus login pages were polymorphic, which means for one company there were more than 300 permutations. Microsoft login pages received the largest degree of polymorphism having 314 permutations. The need for the huge amount of permutations of login pages is not totally understood. IRONSCALES stated this is mainly because Microsoft and other companies are actively hunting for fake login pages copying their brand. By using a number of different permutations makes it more challenging for human and technical solutions to find and take down the pages.

The emails utilized in these campaigns usually get around security regulations and land in the inboxes. Messages that have phony logins could now repeatedly get around technical controls, including SPAM controls and secure email gateways, without considerable time, cash, or resources expended by the hacker. This comes about because the message and the sender could pass diverse authentication tools and gateway controls that seek malicious payloads or recognized signatures that are usually lacking from these sorts of messages.

Although the phony login pages are different a bit from the login pages they spoof, they are still good enough and quite often successful should a user arrives at the page. IRONSCALES explains that this is due to “inattentional blindness”, where folks are unable to notice an unexpected change in plain sight.