An expert security company has issued a warning to users of Microsoft Outlook, hotmail and Google Gmail after reporting a massive 240% rise in email phishing scams. Cyber defence firm BlueVoyant has spoken about “dynamic phishing” and “smishing” scams due to their reputation for being difficult to identify.
BlueVoyant has listed typical warning signs in order to help people spot dodgy emails. One technique that scammers often use is multiple redirect paths after a user has clicked on an email link, making people think that, after landing on a legitimate website, it is a genuine website, but then being taken to a fake one.
In this technique, users who are presumed to be threat hunters or phishing analysts attempting to catch out the scam will be sent to an error page instead, while consumers will be sent to “spoofed domains.”
BlueVoyant’s report says: “These evasion mechanisms include User Agent (this detects what browser you are using) or IP restrictions and blocklisting, with significant emphasis placed on bot and crawler detection. The purpose of this type of redirection is to hide the phishing content on a single website by diverting anyone or anything that might be trying to detect the scam, i.e. a search engine, security software and companies.
“Dynamic DNS hosting providers are particularly popular among threat actors because they provide a convenient platform to easily set up and host multiple phishing pages without having to register a domain.
“BlueVoyant has been tracking phishing activity leveraging this infrastructure since 2021, and found that 67% of all phishing attacks were hosted on dynamic DNS infrastructure by the end of that year, demonstrating the infrastructure’s quick adoption and massive scale of use.”
Researchers from the company also say they’ve also observed a steady increase in SMS text phishing.
“To carry out a successful smishing attack, threat actors require an automated tool that can send SMS messages in bulk,” the report says.
“SMS gateway scripts are sold on the deep and dark web as all-inclusive solutions, which are rather easy to operate, and require very little technical knowledge.”