Security experts said cybercriminals are customizing their phishing attack methods to trick companies and their users. According to Microsoft, phishing campaigns grew from 0.2 percent in January 2018 to 0.6 percent in October 2019.
In its recently released 2019 Cybersecurity Trends report, Microsoft highlighted phishing as one of the attack vectors that had been rising over the past two years. “In 2019, we saw phishing attacks reach new levels of creativity and sophistication,” Microsoft said.
The tech giant reviewed three of the intelligent phishing attacks it had seen in 2019, which include:
Hijacking Search Results
In this technique, attackers make use of URLs that point to a legitimate source but route to compromised websites that eventually lead to phishing.
How it works
- Attackers redirect web traffic hijacked from legitimate sites to their own websites
- Once those domains become the top Google search result, they send emails to victims linking to the Google search result
- If the victim clicks the Google link, they are taken to an attacker-controlled website, which eventually redirects them to a phishing site
“Using this technique, phishers were able to send phishing emails that contained only legitimate URLs (i.e., link to search results), and a trusted domain,” Microsoft stated.
Customized 404 Not Found Pages
In this technique, attackers use a custom 404 Not Found page that is designed to look like a legitimate Microsoft account sign-in page.
Phishers include URL links that point to non-existent pages. When a user accesses the URL, the phishing site redirects them to a phishing page instead of the server’s standard 404 error page.
Detailing the technique, Microsoft said, “A phishing campaign targeting Microsoft uses such a technique, giving phishers virtually unlimited phishing URLs. When Microsoft’s security systems would scan the link, they’d receive a 404-error back (because the link didn’t exist), and Microsoft would deem the link safe.”
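The evasion described above depends on a scanner treating a 404 status as proof that a link is harmless. The following added example (not code from Microsoft or its report) shows a check that inspects the body of an error response for a credential form instead of trusting the status code alone; the function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser


class FormFinder(HTMLParser):
    """Counts password inputs and records form actions in an HTML body."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, but not values.
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            self.password_inputs += 1


def classify_response(status, body):
    """Classify a fetched page by status code AND body content."""
    finder = FormFinder()
    finder.feed(body)
    finder.close()
    has_login = finder.password_inputs > 0
    if status >= 400 and has_login:
        # A genuine error page has no reason to ask for a password.
        return "suspicious"
    if has_login:
        # Ordinary sign-in page: still needs the usual phishing checks.
        return "login-page"
    return "no-credential-form"


# Constructed sample bodies (not captured from any real site).
PLAIN_404 = "<html><body><h1>404 Not Found</h1></body></html>"
FAKE_404 = """<html><body><h1>Sign in</h1>
<form action="/post.php" method="post">
  <input type="email" name="user">
  <input type="PASSWORD" name="pw" />
</form></body></html>"""

if __name__ == "__main__":
    for name, status, body in [("plain 404", 404, PLAIN_404),
                               ("404 with sign-in form", 404, FAKE_404),
                               ("200 with sign-in form", 200, FAKE_404)]:
        print(f"{name}: {classify_response(status, body)}")
```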
In the Man-in-the-Middle (MitM) technique, users could be tricked by a legitimate-looking login page.
“One particular phishing campaign in 2019 took impersonation to the next level. Instead of attackers copying elements from the spoofed legitimate website, a man-in-the-middle component captured company-specific information like logos, banners, text, and background images from Microsoft’s rendering site. The result was the exact same experience as the legitimate sign-page, which could significantly reduce suspicion,” Microsoft explained.
Also, a recent investigation by the Microsoft threat research team revealed that 44 million users were reusing their usernames and passwords. The tech giant stated it scanned all the company’s user accounts between January 2019 and March 2019. The scan was run against a database of around 3 billion leaked credentials, which was obtained from multiple sources such as public databases and law enforcement, Microsoft said.