Akamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors attempt to steal victim's credit card information.
Some of the biggest US brands are being impersonated in this campaign, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others. The landing paged direct users to a survey that promises some sort of prize upon completion. The surveys take only five minutes, using urgency to draw people’s attention away from potential red flags.
At the end of the survey, the users are told they are winners and only need to pay for shipping to claim their prize. This is how their payment information is being captured to then be used by the attackers in different ways.
What makes this particular campaign unique is it uses a token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions. The system redirects each individual victim to a unique phishing landing page URL. The URLs change based on the victim's location, further allowing
Cybersecurity solutions such as antivirus software overlook these tokens, helping the cybercriminals stay under the radar. Security awareness training teaches users to be vigilant against these types of attacks that may not otherwise be caught.