Phishing is not new, but it's becoming increasingly sophisticated, as highlighted by Cofense's recent insights. Nowadays, attackers have moved beyond sending out generic emails in hopes of getting a bite. Instead, they craft phishing pages that check your login details in real time, making these scams more convincing and potentially harmful.
Traditionally, credential phishing involves sending out mass emails to lure in as many victims as possible. In contrast, precision-validated phishing zeroes in on specific targets. Attackers now reach out only to email addresses they've confirmed to be active, legitimate, and often valuable.
In this type of attack, hackers distribute phishing emails using real but compromised email accounts. When a user lands on a phishing page, their email address is instantly verified against the attacker's database before the fraudulent login form is displayed. If the email address doesn't match any from the pre-collected list, the phishing page either presents an error message or redirects the user to a benign landing page.
This attack uses a unique method to bypass email security. Many security systems employ sandboxing, where files or links are opened in a secure environment to evaluate risks. During this process, random usernames and passwords are tested. However, because the toolkit validates the account instantly, those random addresses fail the check and the fraudulent login form is never displayed. Security tools hit a wall, making it difficult for them to analyze further and flag the email as phishing.
Takeaways:
- Be skeptical of login pages from email links. If you're asked to log in from an email, open a new browser and go to the site directly instead.
- Use multi-factor authentication (MFA). Even if the attacker harvests the password, MFA can block further access.
- Report suspicious messages. Early reporting helps security teams take action and warn others.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------
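The sandbox gap described above, as an added example that is not part of the original post: a link-analysis verdict that treats "throwaway address rejected" as clean, next to one that escalates it for review. The `Probe` schema, the verdict names and the `example.test` hosts are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Probe:
    """What a sandbox saw after submitting a throwaway address (hypothetical schema)."""
    start_url: str         # link taken from the email
    asked_for_email: bool  # page demanded an email address first
    outcome: str           # "credential_form", "error" or "redirect"
    final_url: str         # where the browser ended up

def naive_verdict(p: Probe) -> str:
    # Weak logic: no login form reached means nothing to analyse, so mark clean.
    return "analyze_form" if p.outcome == "credential_form" else "clean"

def gated_verdict(p: Probe) -> str:
    # Hardened logic: a page that rejects a throwaway address was never
    # actually analysed, so the result is "escalate", not "clean".
    if p.outcome == "credential_form":
        return "analyze_form"
    if p.asked_for_email and p.outcome in ("error", "redirect"):
        return "escalate"
    return "clean"

def left_original_host(p: Probe) -> bool:
    # Extra context for the analyst: did the rejection send us to another site?
    return urlsplit(p.start_url).hostname != urlsplit(p.final_url).hostname

# Constructed sample observations (example.test hosts are placeholders).
PROBES = [
    Probe("https://login.example.test/a", True, "error", "https://login.example.test/a"),
    Probe("https://login.example.test/b", True, "redirect", "https://shop.example.test/"),
    Probe("https://docs.example.test/c", False, "redirect", "https://docs.example.test/home"),
    Probe("https://portal.example.test/d", True, "credential_form", "https://portal.example.test/d"),
]

def compare(probes):
    # One (naive, hardened, left_host) tuple per probe.
    return [(naive_verdict(p), gated_verdict(p), left_original_host(p)) for p in probes]

if __name__ == "__main__":
    for p, row in zip(PROBES, compare(PROBES)):
        print(p.start_url, *row)
```

An "escalate" result is a cue for manual review or user reporting, since the automated probe never reached the page content.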