Phishing-as-a-Service: What You Need To Know To Stay Cyber-Safe
With new cyber-attacks making news headlines every week, it can feel like you’re swimming upstream trying to navigate the ever-changing cyber landscape. One of the newer forms of attack leverages Phishing-as-a-Service to steal credentials and take control of your accounts. Keep reading to learn more about this form of phishing and how to keep yourself safe.
What Is Phishing-As-A-Service?
Phishing-as-a-Service, like other as-a-service offerings, is a kit created by cybercriminals that has everything someone would need to run a successful phishing scam. This can include code, graphics, email templates and landing pages among other items needed.
A cybercriminal looking to run a phishing scam would simply need to purchase this kit and deploy it – all the heavy lifting has been done for them by the developer or group selling the service.
The Rise Of EvilProxy
In 2022, Resecurity discovered a new Phishing-as-a-Service called EvilProxy. The kits created by EvilProxy allow cybercriminals to target people who use Multi-Factor Authentication (MFA) to secure their accounts. As in Adversary-in-the-Middle or Man-in-the-Middle attacks, someone would follow a link to what they assume is a legitimate site, only to have the connection intercepted by the attacker. The attacker uses session cookies to log in to the account you’re trying to get to and secretly harvests the information you enter into their fake landing page.
Another way EvilProxy attempts to scam people is by targeting the software developers of major brands. When targeting the developers, they send crafty phishing emails in an attempt to gain access to the software itself and insert malicious code. This way, they can then send the now-malicious software to unsuspecting people who inherently trust the major brand and their software.
In the early days of EvilProxy’s rise to notoriety, the group was connected to attacks against Google and Microsoft users who used MFA to protect their accounts. These attacks targeted people who used SMS or Application Tokens to secure their accounts. Despite EvilProxy being relatively new to the cybercrime scene, they clearly wanted to make a splash by going after large, reputable organizations. This trend has continued as the group has grown, with kits designed to target users of larger brands like Apple, Facebook and Dropbox.
EvilProxy isn’t shy to proclaim their success or explain how to use their phishing kits. Cybercriminals wishing to purchase and use the kits can do so on a subscription basis.
The rise of EvilProxy marks a noteworthy shift in the world of cybercrime and the unfortunate growth of threat actors exploiting Multi-Factor Authentication (MFA) mechanisms.
EvilProxy And Indeed
Cybercriminals recently used EvilProxy to conduct an attack targeting Microsoft 365 accounts by exploiting open redirects from the Indeed employment website.
Open redirects aren’t inherently bad, and many websites use them for login pages or for MFA.
The attackers targeted high-ranking employees from electronics, manufacturing, banking, finance and other industries through a weakness related to open redirects in the website code. This allowed them to create a redirection to a phishing landing page without raising any alarms.
Targets in the attack received a legitimate-looking link to an Indeed page. Because the attackers exploited a well-known company, people following the link inherently trusted that they were going to a legitimate login page.
The targets were sent to a fake Microsoft 365 login page, where they entered their details and completed MFA. The threat actors were able to capture the target’s credentials and the authentic cookies to hack the target’s account.
A spokesperson for Indeed has reported that no user data was improperly accessed.
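On the website side, the open-redirect weakness described above is closed by checking the destination before redirecting to it. The following is an added example, not code from Indeed or from the original article; the host names, the allow-list and the function name `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the only hosts this site may redirect to.
ALLOWED_HOSTS = {"www.example.com", "login.example.com"}


def unvalidated_redirect_target(target):
    """The weak pattern: whatever the link carries becomes the destination."""
    return target


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return a destination that stays on an allowed host, else `fallback`."""
    if not target:
        return fallback
    # Reject whitespace and control characters, which browsers may strip
    # silently and so change how the URL is interpreted.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return fallback
    # Browsers treat "\" like "/", so normalise before parsing.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. a malformed bracketed host
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site path: must start with exactly one "/".
        if normalised.startswith("/") and not normalised.startswith("//"):
            return normalised
        return fallback
    # Absolute URL: https only, and the whole authority must equal an
    # allowed host. Comparing netloc (not hostname) also rejects
    # "user@host" and ":port" variants.
    if parts.scheme == "https" and parts.netloc.lower() in allowed_hosts:
        return normalised
    return fallback


# Constructed sample destinations, as they might arrive in a "?url=" parameter.
SAMPLES = [
    "/jobs?id=1",
    "https://login.example.com/sso",
    "https://phish.example.net/login",
    "//phish.example.net/",
    "https://www.example.com@phish.example.net/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```
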
How To Keep Yourself Safe From Phishing-As-A-Service Attacks
1. Visit the site directly. If you receive an email prompting you to follow a link to a well-known site, log in directly through the website instead of following the link.
2. Use a password manager. The password manager can store the URL of the website you’re trying to connect to, so if you don’t get the prompt for the password manager to enter your password, you know you’re on the wrong site.
3. Be wary of MFA attacks. MFA is a useful and secure additional layer of security protecting your accounts that we recommend you use to protect yourself both at work and at home. Some steps you can take to increase the security of MFA include:
a. Reduce the amount of time between different methods of authentication (for example if an account is password protected and requires an MFA code for access).
b. Add additional factors of authentication like geolocation or biometric factors which are harder for cybercriminals to hack.
Phishing-as-a-Service attacks can have a substantial impact on your personal accounts, and an equally substantial impact on your work accounts. Knowing what to do when you encounter something phishy will help keep you cyber safe. If you’re ever unsure, reach out to your organization’s security awareness team.