Cyber Criminals Use AEA-256 Crypto To Obfuscate Phishing Sites



phishing sites encryptedThe Register said: "Well, at least someone listened to Snowden about privacy... Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites.

Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES-256 encryption in dodgy sites designed to hoodwink consumers into handing over their login credentials.

"The site used AES to hide the phishing page content", Paul Wood, manager of cyber security intelligence at Symantec, told El Reg. The tactic is designed to make the analysis of phishing sites more difficult for security researchers without interfering with how sites are presented to victims, as a blog post by Symantec explains. Click here fore more.




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews