Monday, January 18, 23:32
Home security 50.000+ fake login pages detected in the 1st half of 2020!

50.000+ fake login pages detected in the 1st half of 2020!

More than 50.000 fake login pages were identified in the first half of 2020, many of which are diverse and represent different companies. According to a survey conducted by Ironscales, fake login pages are commonly used for support hacking campaigns such as spear-phishing, while its researchers found that fake login pages had been falsified by more than 200 well-known companies of world renown. The researchers also found that about 2.500 of the more than 50.000 fake login pages were polymorphic, with one fake link representing more than 300 different login pages.

According to Ironscales Brendan Roddas, diversity is due to the fact that an intruder applies small but significant and often random changes to a e-mail, such as content, copy, subject line, and sender name.
This allows attackers to quickly execute phishing attacks, with which they cheat tools signature email security not designed to recognize such modifications to the threats, allowing different variants of the same attack to reach employees' incoming messages without being detectable.

The survey also found that the company with the largest number of fake login pages is PayPal (11.000), followed by Microsoft (9.500) and the Facebook (7.000).

Ironscales reports that the most common recipients of fake login emails are in the financial services, healthcare services, technology companies as well as government agencies.

According to Chris Hauk, who deals with consumer privacy at Pixel Privacy, as long as fake login pages are still effective and deceive unsuspecting targets, the malicious agents behind them will continue to use them. Hauk added that the best way to tackle and eliminate these fake login pages is to properly and substantially educate users about the risks posed by these threats, but also about how they can be effectively dealt with. Hauk also suggested the use of utilities, which can identify such pages as the Ironscales URL and the link scanner.


Niamh Muldoon, senior security director at OneLogin, explained the main reasons why fake logins work. Initially, he pointed out that the key to the success of fake link pages is the huge lack of education, training and awareness of users about the threats that appear in the field of cyberspace - a gap that has grown significantly in recent months after the outbreak of the pandemic of COVID-19.

Muldoon then reported that the lack of control associated with creating websites, subscribing domain and related management, is another factor that contributes to the intensification of this phenomenon. This includes verifying the integrity of websites and / or domains in a preventive manner. Although there are procedures for removing sites and domains they contain malware or are not legal, these processes are extremely time consuming, resulting in end users being exposed in time between the fake pages that appear and the domains and IPs that are blacklisted or removed. In addition, Muldoon concluded that a global working group and international cooperation are needed to enforce domain and site registration and site management regulations to stop these pages from appearing.

Hugo van der Toorn, security officer at Outpost24, said the attacks were not aimed at a company, but at the names, trademarks and overall identities of the trademarks used to achieve certain goals. Therefore, rapid reporting and monitoring of attempts should be facilitated Phishing who infringe on branded companies and threaten their customers and, consequently, their reputation. Toorn added that once a phishing attempt is detected, companies should be able to issue a notice and, within hours, stop the phishing campaign. Finally, Toorn stressed that the main goal is the rapid and effective response of people who recognize and report these phishing attempts.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.



FCC: Extremists turn to radio equipment after banning from social media

The US government warns that extremists could turn to radio equipment to plan their future attacks, ...

Android: How to make Signal the default messaging app

Signal is a popular encrypted messaging application that focuses on privacy. It is an alternative to ...

Google Cloud: We use some SolarWinds, but we were not affected by the hack

Google Cloud CISO Phil Venables has revealed that the cloud uses software from the vendor, SolarWinds, but states that the use ...

Scotland Environment Service: ransomware continues to affect us

The Scottish Environmental Protection Agency (SEPA) has confirmed that it was hit by a ransomware attack last month and continues to face ...

Backdoors and vulnerabilities were discovered in FiberHome routers

Backdoors and other vulnerabilities have been discovered in the firmware of a popular FiberHome FTTH ONT router. FTTH ONT stands for Fiber-to-the-Home Optical Network ...

GitHub apologizes to an employee who fired! What happened;

GitHub has admitted that it was wrong to fire a Jewish official who made "anti-Nazi" comments about the Capitol riots.

By 2030 AI will replace the people of cybersecurity

Security company Trend Micro recently conducted a new survey that reveals that more than two-fifths (41%) of IT leaders believe ...

Chinese Winnti APT targets organizations in Russia and other countries!

Security researchers at Positive Technologies have uncovered a series of attacks carried out by a Chinese APT hacking team targeting organizations in Russia ...

Silicon Valley is investing a huge amount of money in India

From March to November, even when COVID-19 destroyed economies around the world, the richest man in India ...

Microsoft, Salesforce, Oracle are designing a digital vaccination passport

A Covid digital vaccination passport is being developed jointly by a team of health and technology companies, as well as governments, airlines and ...