How Are Credential-Theft Phishing Websites Avoiding Detection? They Just Invert the Website Background

Credential-Theft Phishng WebsitesSometimes the easiest solution is the best solution. And in the case of phishing attacks intent of stealing credentials using a fake logon page, it appears that background inversion does the trick.

Plenty of security solutions use crawlers to spot phishing sites before allowing users to navigate to them. And one of the more identifiable aspects of legitimate logon pages to sites such as Office 365 is the background. So, it makes sense that anytime a background image traditionally associated with a well-known authentication process shows up on some other website, it’s a sign there may be something suspicious afoot.

Well, it appears the bad guys have figured this out and have used the simplest of techniques to avoid detection: inversion. By simply inverting the picture background image (see below) using Cascading Style Sheets (CSS) when a crawler visits, the bad guys avoid detection.

Original next to inverted background

Source: PhishFeed

But what about when a human visits? It’s obvious something’s wrong. No problem. The CSS code automatically reverts the image to its normal presentation when an actual user visits, making them feel they’ve arrived at the appropriate page.

This one is so tricky, no user will ever know just by looking at the familiar background. But through new school Security Awareness Training, users can be taught to be mindful of the website URL, making certain it’s actually the legitimate vendor’s logon page and not a lookalike website. WMCGlobal has the full story

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews