skip to Main Content

At The Identity Organisation, we're here to help!

If you have any questions, just contact us by mail or phone and a member of our team will be in contact with you.

Contact Us Anytime

Our ears and inbox are always open (or at least Monday-Friday, from 9am-5pm).

Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN

+44 (0) 1628 308038
info@tidorg.com

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Phishing Campaigns Evolving Rapidly; Using Innovative Tactics to Avoid Detection

    Phishing Campaigns

    In the past few months, Microsoft Office 365 phishing campaigns have evolved drastically, using innovative tricks like inverted login pages, sub-domains, and pre-detecting sandboxes to evade detection. Some of these notorious but ingenious tricks observed by security researchers are: 

    Detecting Sandboxes 
    Microsoft recently discovered a phishing campaign that could avoid automated analysis by detecting security sandboxes (automated analysis). The campaign uses URLs that could spot sandboxes and switch the redirected URL to a legitimate page or website instead of the phishing landing page.

    “We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defence evasion and social engineering,” said Microsoft. “The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc.”

    This method makes sure that only real people or potential victims reach the landing page and not security researchers and automated security scans. Thereby reducing their chance of being blocked. These emails are also very well crafted and obscure – another way to dupe email gateways. 

    Inserting Custom Sub-domains
    Another way these attackers have found to make phishing URLs more legitimate is by inserting custom subdomains for each user with their name and their organization’s name. 

    “This unique subdomain is added to a set of base domains, typically compromised sites,” Microsoft explained. “Notably, the phishing URLs have an extra dot after the TLD, followed by the Base64-encoded email address of the recipient. The unique subdomains also mean huge volumes of phishing URLs in this campaign, an attempt at evading detection.”

    Inverting Images of Webpages
    This particular campaign uses inverted images (as the landing page) of the webpage they are trying to imitate. The security defences receive this page thereby escaping detection. The phishing kit reverses the inverted page to look like the original (using Cascading Style Sheets (CSS) ) for the user. 

    Google Ads
    A pretty neat trick used by phishing campaigns is by misusing Google Ads and Google Cloud Services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud to host phishing pages that look legitimate and surpass secure email gateways.

    It’s advised beefing up security awareness training to help users be aware of the potential dangers around phishing emails. Users need to understand the dangers and potential costs of opening and acting on the content of these emails.

    With thanks to the Cyber Defence Alliance and E Hacking News. The full story is here: https://www.ehackingnews.com/2020/11/phishing-campaigns-evolving-rapidly.html

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST Results

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Back To Top