3 of the smartest phishing techniques of 2019, according to Microsoft


Posted by Alex Phillips 12 months ago

Phishing is on the up. 

A report published by Microsoft on 2019’s malware and cybersecurity trends revealed that phishing was one of the few attack vectors to have seen a rise in activity over the past two years.

According to the report, phishing attacks increased from less than 0.2% in January 2018 to around 0.6% in October this year. However, while phishing attacks grew, the number of ransomware, crypto-mining and other malware infections went down.

In a recent blog post, Microsoft revealed three of the smartest phishing attacks it has seen in 2019.

1. Hijacked search results

This multi-layered malware operation resulted in infected Google search results. Here’s how it worked:

· The criminals funnelled web traffic from legitimate sites to websites under their control

· The domains became top Google searches for specific terms

· Victims received emails linking to the Google search result

· If the victim clicked the link and then the top result, they landed on a gang-controlled website and were redirected to a phishing page

This was possible because, rather than targeting high-traffic keywords, the attackers focused on gibberish search terms (like “hOJoXatrCPy”) and used location-specific search results.

2. Abusing 404 error pages

Phishers also started using custom 404 pages to serve phishing sites. The attackers were using links that pointed to non-existent pages, so when Microsoft’s security systems scanned the link it was deemed safe (as it returned a 404 error). 

However, if a real user clicked on the URL, they would be redirected to a phishing page, not a 404 error page. By also using subdomain generation algorithms and regularly changing the main domain, attackers were able to generate almost unlimited phishing URLs.
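A defensive check for the 404 technique described above, as an added example that is not from the original post or from Microsoft: a link scanner should inspect the body of an error response instead of treating the 404 status as a verdict. The function name, finding labels and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Script statements that navigate the browser away from the current page.
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(", re.I)


class BodyScan(HTMLParser):
    """Collects features that a plain 'not found' page has no reason to contain."""

    def __init__(self):
        super().__init__()
        self.findings = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; values do not.
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.findings.add("password-field")
        elif tag == "meta" and a.get("http-equiv") == "refresh":
            self.findings.add("meta-refresh")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.add("script-redirect")


def scan_error_response(status, body):
    """Return sorted findings for a 4xx response; an empty list means nothing flagged."""
    if not 400 <= status < 500:
        return []
    scanner = BodyScan()
    scanner.feed(body)
    scanner.close()
    return sorted(scanner.findings)


# Constructed sample responses (not captured traffic).
PLAIN_404 = "<html><body><h1>Not Found</h1><p>The page does not exist.</p></body></html>"
LOGIN_404 = ('<html><body><form method="post" action="/s"><input type="email" name="u">'
             '<input type="PASSWORD" name="p"></form></body></html>')
REDIRECT_404 = ('<html><head><meta http-equiv="Refresh" content="0;url=/next">'
                '<script>window.location.href = "/next";</script></head></html>')
```

Any finding on a 404 response is a reason to send the URL for full rendering or sandboxed analysis instead of marking it safe.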

3. MiTM-based phishing

Some phishing attacks incorporated a man-in-the-middle (MiTM) server, taking impersonation to another level. As Microsoft explains: “a man-in-the-middle component captured company-specific information like logos, banners, text, and background images from Microsoft's rendering site.” This resulted in “the exact same experience as the legitimate sign-in page, which could significantly reduce suspicion.” However, even though the login page looked perfect, the phishing site’s URL was still visible in the address bar.

Are you looking to increase your cybersecurity resource in 2020? Get in touch with the team at Hunter Charles to find out how we can help.
