CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders

Over 50,000 Fake Login Pages Targeting Major Brands Including Apple, Paypal, Microsoft and Facebook

Alicia Hope·September 7, 2020

Over 200 of the world’s most prominent brands are affected by more than 50,000 fake login pages used to execute a variety of phishing attacks, a new report by IRONSCALES has found. The researchers discovered that phishing attacks launched from the spoofed pages mostly targeted the healthcare industry, financial services, government agencies, and technology firms. Although PayPal emerged as the brand most targeted by phishing attackers, the researchers said that the real threat came from over 9,500 fake login pages impersonating Microsoft services.

Key findings of the report

IRONSCALES researchers discovered that about 5% of the fake login pages applied polymorphic behaviors, with one brand having more than 300 permutations. Polymorphic phishing campaigns modify the subject or content of the emails delivering the pages to avoid detection by automated and human reviewers.

PayPal was the top target for phishing scams with over 11,000 fake login pages mimicking the brand. Others included Microsoft (9,500), Facebook (7,500), eBay (3,000), and Amazon (1,500). Brands like Adobe, Aetna, Apple, Alibaba, JP Morgan Chase, Tesco, Wells Fargo, and others also had spoofed pages trying to harvest users’ login details.

The study found that “the top 5 brands with the highest number of fake login pages closely mirrors the list of brands that frequently have the most active phishing websites.” Although PayPal had the highest number of fake login pages, Microsoft spoofs impersonating Office 365, OneDrive, and SharePoint posed the greatest risk because they compromised both individuals’ and organizations’ accounts.

Reasons for the success of phishing attacks utilizing fake login pages

The research found that the phishing attacks were successful for two reasons. Firstly, malicious phishing emails delivering the fake login pages could easily bypass secure email gateways and spam filters.

Secondly, “inattentional blindness” prevents the victims from seeing the glaring evidence of unexpected changes hiding in plain sight.

The attackers varied the phishing emails by making “slight but significant modifications” to elements such as the subject line or the body text. Polymorphic emails allow victims to receive different versions of the same phishing email without triggering spam controls, because a signature-based email security platform fails to flag a message once it has been slightly modified from the known sample. Researchers indicated that 5% of all 50,000 attacks applied polymorphic behavior.
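To illustrate why an exact signature misses polymorphic variants while content similarity still groups them, here is an added example that is not part of the IRONSCALES report or the article: three constructed permutations of one lure and one benign message are compared first by SHA-256 of the full body and then by Jaccard similarity over normalized word tokens plus the landing-page host; the sample texts, the placeholder host and the 0.5 threshold are all assumptions chosen for the demonstration.

```python
import hashlib
import re

# Constructed sample messages (not real phishing emails): three "polymorphic"
# permutations of the same lure, each pointing at the same placeholder host.
VARIANTS = [
    "Your account has been suspended. Sign in to restore access: http://login-example.test/verify",
    "Your account was suspended! Sign-in to restore access now: http://login-example.test/verify",
    "Account suspended - please sign in to restore your access: http://login-example.test/verify/",
]
BENIGN = "Your invoice for September is attached. Thank you for your business."


def signature(body: str) -> str:
    """Exact-match signature: any single-character edit yields a different hash."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def features(body: str) -> set:
    """Normalized feature set: lowercase word tokens plus any URL host as 'host:<name>'."""
    hosts = {"host:" + h.lower() for h in re.findall(r"https?://([^/\s]+)", body)}
    text = re.sub(r"https?://\S+", " ", body.lower())   # strip URLs before tokenizing
    return set(re.findall(r"[a-z]+", text)) | hosts


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |a & b| / |a | b|; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def signature_hits(known: str, candidates) -> int:
    """How many candidates an exact signature derived from one known sample catches."""
    sig = signature(known)
    return sum(signature(c) == sig for c in candidates)


def similarity_hits(known: str, candidates, threshold: float = 0.5) -> int:
    """How many candidates a content-similarity rule derived from the same sample catches."""
    ref = features(known)
    return sum(jaccard(ref, features(c)) >= threshold for c in candidates)


if __name__ == "__main__":
    pool = VARIANTS + [BENIGN]
    print("signature matches:", signature_hits(VARIANTS[0], pool))    # only the original
    print("similarity matches:", similarity_hits(VARIANTS[0], pool))  # all three variants
    print("benign score:", round(jaccard(features(VARIANTS[0]), features(BENIGN)), 3))
```

The shared host token keeps the variants close even when wording shifts, which is why takedown teams key on the landing page as well as the email text.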

Close to 24% of attacks spoofing Microsoft were polymorphic, with 314 permutations, while 13% of attacks spoofing Facebook were polymorphic, with 160 permutations.

The researchers explained that attackers adopted polymorphic behavior because security teams were consistently taking down fake login pages, forcing the attackers to evolve their tactics to defeat manual and automated technical controls.

For example, Microsoft shared insights into spear-phishing tactics with its users, forcing the attackers to change their tactics to disorient victims who had already been alerted.


Detecting fake login pages

The firm says automated detection of fake login pages is possible through the application of AI, computer vision, and deep learning algorithms. Additionally, natural language processing (NLP) using both machine learning and neural networks could help identify the contents of the emails sent by the attackers. This would allow email systems to identify the fraudulent language and mitigate phishing threats.

Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.