CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Fake login page on a computer showing phishing threat
Cyber SecurityNews
·2 min read

Over 50,000 Fake Login Pages Targeting Major Brands Including Apple, Paypal, Microsoft and Facebook

Alicia Hope·September 7, 2020
TwitterFacebookLinkedIn

Over 200 of the world’s most prominent brands are affected by over 50,000 fake login pages used for executing various phishing attacks, a new report by IRONSCALES has found. The researchers discovered that phishing attacks from the spoofed pages mostly targeted the healthcare industry, financial services, government agencies, and technology firms. Although PayPal emerged as the brand mostly targeted by phishing attackers, the researchers said that the real threat was from over 9,500 fake login pages impersonating Microsoft services.

Key findings of the report

Ironscales researchers discovered that about 5% of the fake login pages applied polymorphic behaviors, with one brand having more than 300 permutations. Polymorphic phishing pages modified the subject or content of the emails to avoid detection by automated and human reviewers.

PayPal was the top target for phishing scams with over 11,000 fake login pages mimicking the brand. Others included Microsoft (9,500), Facebook (7,500), eBay (3,000), and Amazon (1,500). Brands like Adobe, Aetna, Apple, Alibaba, JP Morgan Chase, Tesco, Wells Fargo, and others also had spoofed pages trying to harvest users’ login details.

The study found that “the top 5 brands with the highest number of fake login pages closely mirrors the list of brands that frequently have the most active phishing websites.” Although PayPal had the highest number of fake login pages, Microsoft spoofs impersonating Office 365, One Drive, and SharePoint posed the greatest risk because they compromised both individuals’ and organizations’ accounts.

Reasons for the success of phishing attacks utilizing fake login pages

The research found that the phishing attacks were successful for two reasons. Firstly, malicious phishing emails delivering the fake login pages could easily bypass secure email gateways and spam filters.

Secondly, “inattentional blindness” prevents the victims from seeing the glaring evidence of unexpected changes hiding in plain sight.

The attackers changed the phishing emails by making “slight but significant modifications” in the email content such as the subject line or the email content. Polymorphic emails allow the victims to receive different versions of the same phishing email without triggering spam controls. This is because a signature-based email security platform fails to detect suspicious behavior once the spam emails were slightly modified. Researchers indicated that 5% of all the 50,000 attacks applied polymorphic behavior.

Close to 24% of attacks spoofing Microsoft were polymorphic with 314 permutations, while Facebook had 13% of polymorphic phishing attacks with 160 permutations.

The researchers explained that the reason for applying polymorphic behavior was because the security teams were consistently trying to take down fake login pages, forcing the attackers to evolve their tactics to defeat manual and automated technical controls.

For example, Microsoft shared insights into spear-phishing tactics with its users, hence forcing the attackers to change their tactics to disorient the already alerted victims.

Fake login pages trick users because of ‘inattentional blindness’ that prevents them from seeing unexpected differences hiding in plain sight. #cybersecurity #respectdataClick to Tweet

Detecting fake login pages

The firm says automated detection of fake login pages is possible through the application of AI, computer vision, and deep learning algorithms. Additionally, natural language processing (NLP) using both machine learning and neural networks could help identify the contents of the emails sent by the attackers. This would allow email systems to identify the fraudulent language and mitigate phishing threats.

 

TwitterFacebookLinkedIn
Tags
Fake Login PagesPhishing
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.
Related
Hacker working on computer showing search engine ads used for malware and phishing
Cyber SecurityNews

FBI: Hackers Are Using Search Engine Ads for Phishing and Malware Distribution

January 6, 2023
Senior business man using mobile phone showing whaling attacks
Cyber SecurityInsights

How High-Level Employees Can Defend Against Cybersecurity Whaling Attacks

July 15, 2022
Instagram logo on a smartphone with a security padlock showing hacked Instagram accounts
Cyber SecurityNews

Attackers Publicly Demanding Ransom From Hacked Instagram Account Owners in a Brazen Phishing Campaign

February 14, 2022
Boy and father playing games showing account takeover via phishing and social engineering
Cyber SecurityNews

EA Confirms Account Takeover Attacks Compromising High-Profile Gamers via Phishing and Social Engineering Attacks

January 20, 2022
Close up of hacker hand using laptop with email icons showing phishing-as-a-service
Cyber SecurityInsights

Phishing-as-a-Service Brings Cybercrime to the Masses

January 20, 2022
Security locks with a fish hook on computer keyboard showing phishing and cybersecurity culture
Cyber SecurityInsights

Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques?

December 8, 2021
Man holding smart phone with YouTube logo on screen showing phishing of YouTube creators for cryptocurrency scams
Cyber SecurityNews

Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams

November 1, 2021
Hand holding USB device showing government employees using zero trust and multi-factor authentication
Cyber SecurityNews

Phishing-Resistant Multi-Factor Authentication Coming for US Government Employees as “Zero Trust” Architecture Rolls Out

October 27, 2021

Latest

Airline passengers in an international airport showing no fly list in data leak

Wanted Hacker Accessed Federal No Fly List on an Unsecured Airline’s Server

Yellow crime scene tape on computer keyboard showing law enforcement operations on Hive ransomware gang

Hive Ransomware Shut Down by Law Enforcement Operation; FBI in Possession of Decryption Keys, Group’s Public-Facing Website

Woman holding glasses showing data privacy regulations

Navigating the Data Privacy Landscape in 2023

WhatsApp app icon on a smartphone showing GDPR violations

WhatsApp Receives €5.5 Million Fine for GDPR Violations

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results