In the past, we came through a number of Phishing campaigns where the attackers using Valid TLD itself for phishing and the Punycode attack demonstrated by Xudong Zheng.
Now hackers find a new way innovative method to create believable URL’s and targeting mobile users, specifically Facebook users.Security experts from Phishlabs came through this new campaign targeting mobile users.
Security expert Crane Hassold says “Instead of attempting to make genuine looking
URLs, threat actors have begun including genuine, legitimate domains within a
longer URL, and padding it with hyphens to hide the real target“.
hxxp://m.facebook.com-------------validate----step1.rickytaylk[dot]com/sign_in.html
You can see the URL starts with m.facebook.com but the real destination URL here is rickytaylk.com, not m.facebook.com.
You can see the screenshot, where you can see only the m.facebook.com and an endless stream which hides the original target address.This smart addition of the Facebook favicon in the address bar looks like the site is exceptionally genuine.
Inattentive mobile users easily fall into the trap and give away their valuable credentials to the attackers. Generally, these phishing URL’s are transferred through SMS, Chats, and Emails.
Here you can see some more examples.
hxxp://login.Comcast.net-------account-login-confirm-identity.giftcardisrael[dot]com/ hxxp://accounts.craigslist.org-securelogin--------------viewmessage.model104[dot]tv/craig2/ hxxp://offerup.com------------------login-confirm-account.aggly[dot]com/Login%20-%20OfferUp.htm hxxp://icloud.com--------------------secureaccount-confirm.saldaodovidro[dot]com.br/
Crane Hassold says “it’s highly likely that this tactic is being distributed via SMS phishing or through the social messenger, rather than email”.
One can easily identify the Phishing URL that sent through email by just hovering our the link, but that is not possible if the URL provided through SMS.
Security researchers said they have spotted more than 50 attacks of this type and has a rapid growth from last March.
Hackers not using this method for credential harvesting alone, they use to send more phishing URL’s via status updates or private messages.
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…