Phishing Attacks: What You Need to Know Now
According to the FBI Internet Crime Report 2021, phishing was the fastest growing type of internet crime from 2019 to 2021, and bad actors continue to evolve their phishing attack techniques. The latest phishing attack, EvilProxy, allows even inexperienced criminals to use reverse-proxy and cookie-injection methods to get around two-factor authenticated (2FA) sessions on a large scale.
What is a phishing attack?
Phishing is the practice of attackers sending malicious emails meant to lead users to fall for a scam. Phishing attacks attempt to trick users into clicking on web links that will download malware or redirect to a malicious website with the intent of gathering private information such as login credentials, multifactor authentication (MFA) tokens, and financial information.
Phishing emails and phony websites frequently appear to be from well-known people or organizations, such as the victim’s bank, place of employment, or institution. Attackers try to gather sensitive data from these websites, such as payment information or usernames and passwords.
What industries are targeted by phishing attacks?
Because most phishing attempts are intended to make money, attackers primarily target organizations that keep credit card information or those that have the resources to make sizable payments. An entire company, or just certain users, may be the target. The primary industries targeted include:
- Social media
- Fintech and traditional financial institutions
- Payment systems (merchant card processors)
- IT / software companies
- Telecommunication companies
These are the most-targeted industries, but anyone or any organization can fall victim to phishing attacks.
Types of phishing attacks
There are many types of phishing attacks, and the list grows all the time. Here are four of the most common types of phishing attacks:
Attackers use different phishing techniques but the most prevalent is via malicious URLs sent to the victim through emails. Phishing emails try to deceive recipients into disclosing personal information, like online account credentials and personally identifiable information (PII).
Malicious links/link manipulation
Malicious links take users to impostor websites hosted entirely on attacker-owned or compromised web servers, where attackers host realistic-looking copies of the target websites in the hope of convincing users to disclose their credentials.
Hosting impostor websites has been the most widely used phishing method for a while, but this setup requires considerable effort to create and update the impostor websites so that they are always in sync with the target website.
Here, the goal is to deceive recipients—typically high-privilege account holders—into disclosing sensitive information, sending the attacker money, or downloading malware.
Using social media, attackers respond to postings while impersonating a legitimate company in an effort to deceive victims into disclosing account information and personal data.
What is a phishing kit?
Phishing attack methods eventually evolved to use pre-packaged phishing kits. Phishing kits contain all the infrastructure needed for a phishing campaign, including:
- Automated tools
- Templates for creating fake emails and websites
- A web server
- Storage used to collect credentials
The attackers also register dozens of domains to avoid being detected by WAF deny lists and spam filters.
The latest evolution of phishing kits is the Man-in-the-Middle (MITM) toolkit. These toolkits act as malicious reverse proxy servers for online services, mirroring the target website's contents to users while extracting credentials such as MFA tokens and session cookies in transit. The MITM phishing kits also automate the harvesting of two-factor authenticated (2FA) sessions.
Some of the most widely used MITM phishing toolkits are Evilginx and Modlishka. EvilProxy is the most recent and uses the same “reverse-proxy” approach to lure victims to phishing sites and then sniff out the traffic to extract credentials and MFA tokens.
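A defender-side check for the session-cookie theft described above, as an added example that is not from the original post or from Arkose Labs: it flags a session cookie that is later presented from a different network and browser than the one that completed MFA. The log fields, sample events, scores, and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events; field names are assumptions for illustration.
EVENTS = [
    {"ts": 100, "session": "s-a1", "event": "mfa_ok", "asn": 64500, "ua": "Firefox/105 Windows"},
    {"ts": 160, "session": "s-a1", "event": "request", "asn": 64500, "ua": "Firefox/105 Windows"},
    {"ts": 200, "session": "s-b2", "event": "mfa_ok", "asn": 64510, "ua": "Chrome/106 Windows"},
    {"ts": 215, "session": "s-b2", "event": "request", "asn": 64999, "ua": "Chrome/106 Linux"},
    {"ts": 300, "session": "s-c3", "event": "mfa_ok", "asn": 64500, "ua": "Safari/16 iOS"},
    {"ts": 9000, "session": "s-c3", "event": "request", "asn": 64500, "ua": "Safari/16 iOS"},
]

REPLAY_WINDOW_S = 300  # assumption: reuse soon after MFA weighs more


def find_replayed_sessions(events, threshold=3):
    """Return {session_id: [reasons]} for sessions whose cookie is presented
    from a client context unlike the one that passed MFA."""
    issued = {}                    # session id -> event that completed MFA
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["session"]
        if ev["event"] == "mfa_ok":
            issued[sid] = ev
            continue
        origin = issued.get(sid)
        if origin is None:
            # Cookie seen without any recorded authentication for it.
            findings[sid].append("cookie used with no recorded MFA")
            continue
        score, reasons = 0, []
        if ev["asn"] != origin["asn"]:
            score += 2
            reasons.append(f"network changed: AS{origin['asn']} -> AS{ev['asn']}")
        if ev["ua"] != origin["ua"]:
            score += 2
            reasons.append("user agent changed")
        age = ev["ts"] - origin["ts"]
        if score and age <= REPLAY_WINDOW_S:
            score += 1
            reasons.append(f"reuse {age}s after MFA")
        if score >= threshold:
            findings[sid].extend(reasons)
    return dict(findings)


if __name__ == "__main__":
    for sid, why in find_replayed_sessions(EVENTS).items():
        print(sid, "->", "; ".join(why))
```

Network changes alone occur legitimately (mobile or VPN users), so a match is best treated as a trigger for re-authentication rather than as proof of compromise.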
Anatomy of a phishing attack
However, this approach breaks down when the site employs security measures that cannot be proxied, require user interaction, and are difficult to automate. The adaptive challenge response offered by Arkose Labs as part of the Arkose Protect solution is one such measure that cannot be automated by the MITM reverse proxies.
Phishing protection from Arkose Protect
Arkose Protect combines highly transparent detection with targeted attack response to catch fraud early in the customer journey, without impacting good users. The solution is configured on the website’s login and registration workflows prior to the MFA step. The login or registration workflow can be completed only if the web server receives the token issued by the Arkose Platform on successful completion of the detection and adaptive challenge response process.
Arkose Protect’s new phishing detection not only protects from man-in-the-middle attacks by requiring our token to be present, but can also, in some cases, alert the end consumer about the phishing attack.
[Figures: Phishing Attack Without Arkose Protect; Phishing Attack With Arkose Protect]
The unique position of the Arkose Protect solution in the website’s login/registration workflow, combined with its advanced phishing detection and challenge capabilities, makes it a potent defense mechanism against reverse-proxy-based MITM phishing attacks.
About Arkose Labs
Arkose Labs is the global leader in bot management and online account protection, which is why the world’s leading companies choose to partner with the firm to beat the adversary. Its mission is to create an online environment where all consumers are protected from malicious activity. And its foundational technology ensures it accomplishes the mission. Its AI-based platform combines powerful risk assessments with dynamic attack response that significantly increases the adversary’s effort to attack, which ultimately undermines the ROI behind those attacks. When financially-motivated attackers cannot make enough money attacking a company, they move on to less protected targets.
The company offers the world’s first and only $1 million credential stuffing warranty. Headquartered in San Mateo, CA with offices in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, UK, Arkose Labs debuted as the 83rd fastest-growing company in North America on the 2021 Deloitte Fast500 ranking.
*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Vikas Shetty. Read the original post at: https://www.arkoselabs.com/blog/phishing-attacks-what-you-need-to-know-now/