Spoofed login pages growing quickly to become major cyberthreat

One very common method of social engineering that information security professionals see nowadays is spoofed login pages. Found via malicious emails, or perhaps through redirecting users in an infected application, well-known companies are being impersonated. This leads innocent, and often oblivious, individuals to give their personal data to scammers. The rate at which these incidents occur seems to be increasing, namely because the spoofed login pages are looking nearly identical to the real thing.

Researchers at Ironscales have investigated this, and in a new blog post, have published their findings regarding this phenomenon. Ironscales researchers sought to find out just how many of these pages were out there, and additionally, looked to find which companies were being impersonated the most. What was found was that there was a staggering amount of spoofed login pages in 2020 alone, totaling over 50,000 and impersonating more than 200 companies.

The following excerpt from the posts speaks to the complexity of these login pages and why they are so successful in their social engineering attacks:

Nearly 5% (2,500) of the 50,000 fake login pages were polymorphic, with one brand garnering more than 300 permutations... the most common recipients of fake login page emails work in the financial services, healthcare and technology industries as well as at government agencies... the top 5 brands with the most fake login pages closely mirrors the list of brands that frequently have the most active phishing websites.

In addition to this, Ironscales surmises that there two major reasons for these login pages being successful. The first is the ability for many messages with malicious links being able to bypass security measures like secure email gateways and spam filters. The other is what the researchers call “inattentional blindness.” This causes people who are focused on a task, such as logging into their bank account after a threatening message, to ignore warning signs like incorrect URL addresses.

The research proves that phishing attempts via spoofed logins will continue to grow in complexity, especially as more of these pages become polymorphic.

Featured image: Wikimedia Commons / Geugeor

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Contactless payments are hot, but are they secure?

The trend to contactless payments has accelerated as retailers and consumers adjust to COVID-19 realities.…

7 hours ago

Season’s fleecings: CISA warns on holiday shopping scams

The U.S. Department of Homeland Security is warning that online holiday shopping scams may be…

11 hours ago

Azure DNS: Using Azure DevOps to protect public DNS zones

This in-depth tutorial shows you how to use features available in Azure DevOps to boost…

14 hours ago

Report: Baidu Android apps had potential to expose data

Two apps from Chinese tech giant Baidu that had been available in the Google Play…

1 day ago

Shining a light on the dark shadow cast by shadow IT

Employees who don’t have the tools to get their jobs done sometimes turn to the…

2 days ago

Microsoft 365 troubleshooting: Diagnostic tools at your fingertips

Many Exchange Server troubleshooting tools don’t work with Microsoft 365. Fortunately, Microsoft has a bunch…

4 days ago