JavaScript Obfuscation on Phishing Pages Continues to Rise by 70%

Stu Sjouwerman | Nov 2, 2020

The use of JavaScript to obfuscate phishing pages increased by 70% in the ten months between November 2019 and August 2020, according to researchers at Akamai. Attackers use this technique to make it harder for security technology to detect their phishing sites. The vast majority of this activity involves content escaping (or URL encoding), but other less common techniques have skyrocketed.

“The research focused on five obfuscation techniques that were explained in our previous blog,” Akamai says. “There was a significant increase in four of the monitored techniques between November 2019, and August 2020. The techniques that increased the most during the recorded period are content escaping obfuscation techniques (72%), Base64 encoding (800%), hex encoding variable name obfuscation (86%), and eval execution obfuscation (400%).”

The researchers note that this activity began rising dramatically around the beginning of May 2020, which Akamai believes resulted from a pandemic-driven increase in phishing activity.

Most of the impersonated brands were in three sectors: high technology (29.2%), financial (21.4%), and social media (20.6%). Phishing scams impersonating media, e-commerce, and dating companies were also common.

Akamai believes these techniques will grow more common as attackers try to stay ahead of the security industry.

“We anticipate the use of JavaScript obfuscation techniques will continue to be adopted, as those techniques give the upper hand to threat actors and enable phishing and scamming websites to become evasive and undetected, thereby increasing these scams' efficiency,” the researchers write. “Moreover, we believe that, as the human factor is still considered the weakest link in the chain, educating and creating awareness of such scams and evasion techniques should guide us as we move forward. In addition, we believe that security controls need to be able to detect and eliminate such evasive techniques.”
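The following added example, which is not from Akamai's research or from this post, statically counts indicators of the four techniques named in the quote above and decodes `unescape`/`atob` string literals so that hidden layers are scanned too. The regular expressions, the function names, the two-technique threshold and the sample script are assumptions constructed for illustration.

```javascript
// Added example (Node.js); patterns and thresholds are assumptions, not Akamai's logic.
const INDICATORS = {
  // Content escaping: decoder calls, or long runs of %XX bytes.
  contentEscaping: /\b(?:unescape|decodeURI(?:Component)?)\s*\(|(?:%[0-9a-fA-F]{2}){8,}/g,
  // Base64: atob() calls, or long quoted literals in the Base64 alphabet.
  base64: /\batob\s*\(|["'][A-Za-z0-9+/]{40,}={0,2}["']/g,
  // Hex-encoded variable names such as _0x3fa1.
  hexNames: /\b_0x[0-9a-fA-F]{3,}\b/g,
  // Dynamic execution of strings.
  evalExecution: /\beval\s*\(|\bnew\s+Function\s*\(/g,
};
// Count indicator matches in one layer of source text.
function countIndicators(source) {
  const counts = {};
  for (const [name, pattern] of Object.entries(INDICATORS)) {
    counts[name] = (source.match(pattern) || []).length;
  }
  return counts;
}
// Statically decode string literals passed to decoder calls; nothing is executed.
function decodeLayers(source) {
  const call = /\b(unescape|decodeURIComponent|atob)\s*\(\s*(["'])(.*?)\2\s*\)/g;
  const decoded = [];
  for (const [, fn, , literal] of source.matchAll(call)) {
    try {
      decoded.push(fn === "atob" ? Buffer.from(literal, "base64").toString("latin1")
        : decodeURIComponent(literal));
    } catch (err) { /* malformed literal: skip it */ }
  }
  return decoded;
}
// Scan the source plus up to `depth` decoded layers; flag two or more distinct techniques.
function analyze(source, depth = 2) {
  const counts = countIndicators(source);
  if (depth > 0) {
    for (const inner of decodeLayers(source)) {
      const sub = analyze(inner, depth - 1).counts;
      for (const name of Object.keys(counts)) counts[name] += sub[name];
    }
  }
  const techniques = Object.keys(counts).filter((name) => counts[name] > 0);
  return { counts, techniques, suspicious: techniques.length >= 2 };
}

// Constructed, harmless sample: Base64 wraps eval(unescape(...)) of console.log(1).
const INNER = 'eval(unescape("%63%6f%6e%73%6f%6c%65%2e%6c%6f%67%28%31%29"))';
const SAMPLE = `var _0x3fa1 = atob("${Buffer.from(INNER).toString("base64")}"); document.write(_0x3fa1);`;
console.log(analyze(SAMPLE));
```

A scan of the top layer alone sees only the Base64 call and the hex-style names; the `eval` and the escaped content appear only after the literal is decoded, which is why the scan recurses.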

New-school security awareness training can enable your employees to thwart the phishing attacks that don’t get blocked by technical solutions.

Akamai has the story.
