Phishing continues to be a highly dangerous online threat, as threat actors are persistent in improving their methods. One of the latest successful phishing campaigns was recently detected by Akamai Security Research. The team “has observed a new and highly sophisticated phishing kit” that imitates a number of popular retail brands ahead of the holiday season.
The kit's high success rate is due to a mixture of evasion techniques and social engineering tricks. One of the notable aspects of the kit is a token-based system that ensures each victim is redirected to a unique phishing URL. In addition, the threat actor uses URL shorteners, fake user profiles and testimonials, and even a CDN to achieve infrastructure resilience.
Fake Customers and User Testimonials
The researchers performed a detailed analysis of the fake customer profiles. One particular fake user, Natalie Hamilton, was recycled with slight modifications across the various scam templates. The prize review comments were also customized, appearing legitimate at first glance. What gives the scam away is the strong similarity of the comments across the prize offerings, though this would still go unnoticed by an average online user.
URI fragmentation is another interesting feature of the kit, and a novel evasion technique. What is it all about?
What’s the researchers’ conclusion? This phishing kit proves why phishing scams continue to be so successful. Threat actors are well acquainted with mitigation, social engineering, and various tactics that make detection almost impossible. “This blog post is not a dig at any security product or vendor’s efficacy — instead it showcases how even multiple layers of defense can be eroded to achieve a malicious purpose,” the team concluded.
Another example of a successful phishing-as-a-service kit was detected in September. Called EvilProxy, the platform specializes in reverse proxy phishing campaigns that aim to circumvent MFA [multi-factor authentication] mechanisms.