It never ceases to amaze how clever hackers are or how far they’ll go to phish someone. Whenever they find a flaw in their attack methodology, they eventually figure out a way to overcome it.
Normally, a phishing attack will try to lure victims to a website to steal their credentials. The phishing website is typically a single, static webpage. In other words, everyone who ends up on that page sees the same page. The problem for hackers is that once this one webpage is identified as a phishing page, word gets out and that site gets blocked by anti-phishing technology pretty quickly.
Now, one of the newest campaigns, called Heatstroke, has figured out a way around that with a multistage phishing attack. Heatstroke invokes two clever techniques to bypass anti-phishing solutions. First, it doesn’t send victims to the phishing website right away. It sends them to a legitimate site initially and only then redirects them to the phishing site. Second, and this is where things get really clever, the first site it sends victims to varies from user to user. That’s clever!
Heatstroke uses a three-stage approach, according to the research done by Trend Micro. “The attacker sends a phishing email asking the user to verify his account. The email is sent from a legitimate domain to avoid being blocked by spam filters. The user is redirected to a first-stage website, which varies. The first-stage website redirects the user to a second-stage site. This stage is for validation. Once all the checks are done, the user is diverted to a third-stage website, which is the actual phishing site.”
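Because only the final hop is the phishing page, tracing a suspicious link hop by hop is a useful triage step. The following added Python example (not code from the original post, Trend Micro, or the phishing kit) resolves each Location header manually without ever submitting anything, and flags a trusted first hop that hands off to two or more other hosts; the hostnames in the sample chain are constructed placeholders, not indicators from any report.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Stop urllib following Location headers so every hop stays visible.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_head(url, timeout=10):
    """One HEAD request with redirects disabled -> (status, Location)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx lands here with redirects off
        return err.code, err.headers.get("Location")


def trace_chain(start_url, head=live_head, max_hops=10):
    """Follow Location headers manually and return every URL visited."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        status, location = head(url)
        if status not in REDIRECT_CODES or not location:
            break
        url = urljoin(url, location)  # relative Location resolved per hop
        chain.append(url)
    return chain


def assess_chain(chain, trusted_hosts):
    """Flag a trusted first hop that hands off to two or more other hosts."""
    hosts = [(urlparse(u).hostname or "").lower() for u in chain]
    others = {h for h in hosts[1:] if h not in trusted_hosts}
    suspicious = hosts[0] in trusted_hosts and len(others) >= 2
    return {"hops": len(chain) - 1, "hosts": hosts, "suspicious": suspicious}


# Constructed offline stand-in for live_head: a three-stage chain behind a trusted link.
SAMPLE_HOPS = {
    "https://trusted.example/track?id=1": (302, "https://stage1-a.example/go"),
    "https://stage1-a.example/go": (302, "/check"),
    "https://stage1-a.example/check": (302, "https://stage2.example/verify"),
    "https://stage2.example/verify": (302, "https://login.stage3.example/"),
    "https://login.stage3.example/": (200, None),
}


def sample_head(url):
    return SAMPLE_HOPS.get(url, (404, None))
```

Pass `head=sample_head` to `trace_chain` to run offline; with the default `live_head` it issues real HEAD requests, and some hosts answer HEAD differently from GET, so treat an empty chain as inconclusive rather than clean.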
Companies targeted by Heatstroke so far include Amazon and PayPal. The scary thing is that this exploit is available online as a phishing kit, so you can expect other companies to be targeted in the future.
So, what should you do to defend yourself from these new, multistage phishing attacks? First, get awareness training so that you know about the newest exploits like Heatstroke. Next, you should still deploy anti-phishing technology like Phish Protection with Advanced Threat Defense, which will protect you from most advanced phishing attacks.
Finally, you should learn to recognize the telltale signs of being phished. For instance, if you find yourself having to log in twice, anywhere, that’s a clue that you just got phished.
Attackers never stop evolving, which means you need to be vigilant about protecting yourself. Stay alert, stay up to date and stay safe.