This New Phishing Kit Flies Under the Radar of Antivirus Software

This New Phishing Kit Flies Under the Radar of Antivirus SoftwareAkamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors attempt to steal victim's credit card information.

Some of the biggest US brands are being impersonated in this campaign, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others. The landing paged direct users to a survey that promises some sort of prize upon completion.  The surveys take only five minutes, using urgency to draw people’s attention away from potential red flags.

At the end of the survey, the users are told they are winners and only need to pay for shipping to claim their prize. This is how their payment information is being captured to then be used by the attackers in different ways.

What makes this particular campaign unique is it uses a token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions. The system redirects each individual victim to a unique phishing landing page URL. The URLs change based on the victim's location, further allowing 

The researchers at Akamai explain that the links to the phishing landing pages contain an anchor (#). Anchors are typically used to allow site visitors to navigate to specific parts of a landing page. In this instance the anchor tag is a token, used by JavaScript on the landing page which reconstructs the URL.

"The values being after the HTML anchor will not be considered as HTTP parameters and will not be sent to the server, yet this value will be accessible by JavaScript code running on the victim's browser," the researchers said. "In the context of a phishing scam, the value placed after the HTML anchor might be ignored or overlooked when scanned by security products that are verifying whether it is malicious or not. This value will also be missed if viewed by a traffic inspection tool."

Cybersecurity solutions such as antivirus software overlook these tokens, helping the cybercriminals stay under the radar. Security awareness training teaches users to be vigilant against these types of attacks that may not otherwise be caught.

Will your users respond to phishing emails?

KnowBe4's Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

PRT-imageHere's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios
  • Spoof a Sender’s name and email address your users know and trust
  • Phishes for user replies and returns the results to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews