One very common method of social engineering that information security professionals see nowadays is spoofed login pages. Found via malicious emails, or perhaps through redirecting users in an infected application, well-known companies are being impersonated. This leads innocent, and often oblivious, individuals to give their personal data to scammers. The rate at which these incidents occur seems to be increasing, namely because the spoofed login pages are looking nearly identical to the real thing.
Researchers at Ironscales have investigated this, and in a new blog post, have published their findings regarding this phenomenon. Ironscales researchers sought to find out just how many of these pages were out there, and additionally, looked to find which companies were being impersonated the most. What was found was that there was a staggering amount of spoofed login pages in 2020 alone, totaling over 50,000 and impersonating more than 200 companies.
The following excerpt from the posts speaks to the complexity of these login pages and why they are so successful in their social engineering attacks:
Nearly 5% (2,500) of the 50,000 fake login pages were polymorphic, with one brand garnering more than 300 permutations... the most common recipients of fake login page emails work in the financial services, healthcare and technology industries as well as at government agencies... the top 5 brands with the most fake login pages closely mirrors the list of brands that frequently have the most active phishing websites.
In addition to this, Ironscales surmises that there two major reasons for these login pages being successful. The first is the ability for many messages with malicious links being able to bypass security measures like secure email gateways and spam filters. The other is what the researchers call “inattentional blindness.” This causes people who are focused on a task, such as logging into their bank account after a threatening message, to ignore warning signs like incorrect URL addresses.
The research proves that phishing attempts via spoofed logins will continue to grow in complexity, especially as more of these pages become polymorphic.
Featured image: Wikimedia Commons / Geugeor