Lookalike Login Pages Pose a Serious Cyber Risk
Although email phishing has taken many forms throughout the years, the most common type of email scam is also the oldest. Since 2003, black-hat hackers have created domain names and web pages that look virtually identical to actual websites and have sent links to these copycat sites to vulnerable users by email. It is increasingly difficult to tell the difference between a real web page and a fake one, especially for companies without sophisticated anti-phishing tools. For all companies, it's important to have the best anti-phishing solutions in place to ensure all data is protected and downtime is avoided.
LinkedIn Login Mimicry
Cybercriminals often attempt credential harvesting by creating fake social media login pages to get individuals to re-enter information like usernames, passwords and emails. Recently, a member of the RevBits team was the subject of one such LinkedIn login mimicry phishing scam. This scam, however, was instantaneously detected by RevBits Email Security, advanced anti-phishing software. Without proper email security, this email could have gone completely undetected, as the HTML/CSS of the email and the webpage appeared exactly like LinkedIn’s.
To add another layer of sophistication, malicious hackers will spear phish in an attempt to increase an email's apparent legitimacy. To spear phish, cybercriminals research a recipient so they can include personal information in the email. Cybercriminals include these details to trick consumers into overlooking possible irregularities in the email and engaging with the links, attachments or login pages.
The Simplicity of Creating a Fake Webpage
While this level of sophistication in phishing scams may seem rare due to the apparent required effort, it’s neither unique nor difficult to set up. It’s so easy, we created our own lookalike web pages for a phishing campaign. In under an hour, we set up credential harvesting pages, exactly mimicking PayPal and Microsoft login pages with realistic URLs. 1,500,000 new phishing webpages are created per month, so it’s clear this problem is not slowing down anytime soon.
How to Avoid These Risks
While phishing is still very prevalent and methods continue to grow in sophistication, so do phishing prevention techniques and technologies. There are two main elements to maintaining enterprise security: anti-phishing software and anti-phishing training. Neither should work independently of the other; they should work together.
Security awareness training is typically a requirement among large and mid-sized companies and for good reason. A little bit of training can go a long way when it comes to phishing prevention. However, it can’t be the only method of email security that a company uses. It is extremely easy for hackers to make convincing fake pages, like our PayPal and Microsoft sites, that even the savviest of email users would fall for.
In addition to cybersecurity education, email security technology should work on multiple levels to keep companies safe. It should scan all content, such as addresses, links, URLs and attachments, for the latest threats and report them to the user, and it should allow users to manually report suspicious emails. RevBits Email Security does both of those things and more, making it easy for companies to not only avoid the latest threats, but also know how to recognize them when they arise.
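The link-scanning step described above, as an added example that is not RevBits code or part of the original article: it extracts every link from an HTML email body and flags hosts that imitate a protected brand without belonging to its real domain. The brand list, the digit swap table, the edit-distance threshold of 1 and the sample body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: illustrative brand allow-list and digit-for-letter swap table.
BRANDS = {"linkedin": "linkedin.com", "paypal": "paypal.com", "microsoft": "microsoft.com"}
SWAPS = str.maketrans("01345", "oleas")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return the brand a host imitates, or None if it is genuine or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in BRANDS.values()):
        return None  # the brand's own domain or one of its subdomains
    for label in re.split(r"[.-]", host):
        for brand in BRANDS:
            if edit_distance(label.translate(SWAPS), brand) <= 1:
                return brand  # brand name, or a near miss, on a foreign domain
    return None

def scan_email(html):
    """Return (url, imitated_brand) for each suspicious link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    pairs = ((u, classify_host(urlsplit(u).hostname or "")) for u in collector.links)
    return [(u, brand) for u, brand in pairs if brand]

# Constructed sample body; the .example hosts are reserved test names.
SAMPLE = ('<a href="https://www.linkedin.com/feed/">Home</a>'
          '<a href="https://linkedin.com.signin-check.example/login">Sign in</a>'
          '<a href="http://paypa1-secure.example/">Confirm</a>')
```

This check does not cover internationalized hostnames that use visually similar Unicode characters; those need a confusables mapping applied before the comparison.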
RevBits Email Security is a next-generation security solution which performs the deepest analysis of emails, looking for the most sophisticated of email schemes. Current email security solutions operate on the gateway server of a company’s network, and to prevent latency in the company’s email delivery system, only a limited depth of analysis can be conducted on each email. However, by operating at the endpoint, RevBits Email Security utilizes the power of the individual client machine to conduct a deep, thorough analysis without creating latency in email delivery.