New challenges for cybersecurity due to phishing campaigns that verify victims' emails in real-time

Overview
Attackers keep developing new techniques and strategies to bypass current defenses, and these are becoming increasingly complex and sophisticated. One of them is Precision-Validated Phishing, which validates email addresses in real time to ensure that targeted victims are accurate and high-value. The technique has several advantages for the attacker: it increases attack efficiency, gathers information about accounts, and improves the quality of the collected data for sale or for use in other campaigns. It also makes investigations more challenging.
How it works
According to Cofense, this attack method targets only email addresses that have been confirmed as active, valid, and high-value. First, the victim visits a phishing website, and their email address is checked against the attacker's database before an account information form appears. If the email address does not match the data the attackers have collected, the website returns an error or redirects to a legitimate site. This makes it harder for investigation teams to detect and track the campaign.
Cofense's investigation of recent phishing campaigns found that they use JavaScript embedded in fake login pages to check this information, targeting users within businesses.
This technique is carried out through:
API-based validation service: Attackers integrate user validation APIs into phishing tools, allowing them to validate email addresses in real time.
JavaScript validation: A fake login form contains a script that connects to the attacker's server when the user enters their email address and validates that address before the password is entered.
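One way a SOC could hunt for this behaviour in web proxy logs, as an added example that is not from Cofense or FPT Threat Intelligence: it flags an email address sent to a host outside the organisation's trusted login hosts and classifies what the same client did next. The log format, all hostnames, the 60-second window and the rule that a later POST means the check passed are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts where staff legitimately enter their address first.
TRUSTED_LOGIN_HOSTS = {"login.example-idp.test"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed proxy log: time(s) client method url status redirect-target
SAMPLE_LOG = """\
100 10.0.0.5 GET https://portal-docs.test/view 200 -
104 10.0.0.5 GET https://check-api.test/v1/verify?email=alice%40corp.test 200 -
131 10.0.0.5 POST https://portal-docs.test/session 200 -
200 10.0.0.9 GET https://portal-docs.test/view 200 -
203 10.0.0.9 GET https://check-api.test/v1/verify?email=analyst%40lab.test 200 -
204 10.0.0.9 GET https://portal-docs.test/next 302 https://legit-site.test/
300 10.0.0.7 GET https://login.example-idp.test/start?login_hint=bob%40corp.test 200 -
"""

def parse(log):
    """Turn each constructed log line into a dict."""
    for line in log.splitlines():
        ts, client, method, url, status, location = line.split()
        yield {"ts": int(ts), "client": client, "method": method,
               "url": urlsplit(url), "status": int(status), "location": location}

def emails_in(url):
    """Email addresses carried in the query string (percent-decoded)."""
    return [v for _, v in parse_qsl(url.query) if EMAIL_RE.match(v)]

def find_email_gates(log, window=60):
    """Flag addresses sent to untrusted hosts and classify what happened next."""
    events, findings = list(parse(log)), []
    for i, ev in enumerate(events):
        host = ev["url"].hostname
        if host in TRUSTED_LOGIN_HOSTS:
            continue
        for email in emails_in(ev["url"]):
            outcome = "unknown"
            for nxt in events[i + 1:]:
                if nxt["client"] != ev["client"] or nxt["ts"] - ev["ts"] > window:
                    continue
                if 300 <= nxt["status"] < 400 and nxt["location"] != "-":
                    outcome = "rejected"  # bounced away, as the article describes
                    break
                if nxt["method"] == "POST":
                    outcome = "accepted"  # assumption: a form post follows a passed check
                    break
            findings.append((ev["client"], email, host, outcome))
    return findings

if __name__ == "__main__":
    for finding in find_email_gates(SAMPLE_LOG):
        print(finding)
```

An "accepted" hit means the address is on the attacker's list and the account should be treated as exposed; a "rejected" hit from an analyst or sandbox address explains why the page looked harmless during investigation.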
Recommendations
Due to the complexity of this method, FPT Threat Intelligence advises users to be cautious when accessing unfamiliar or suspicious websites and links, and to avoid providing information to those sites. Additionally, businesses should train users to recognize these sophisticated attack methods.






