New phishing kits use real-time validation for targeted attacks

May 23, 2025

Threat actors are using new phishing kits that can precisely target specific individuals. Reports call the method ‘Precision-Validated Phishing’: it only displays fake login forms when a user provides an email address that is on the phishing operators’ target list.

Unlike traditional mass-targeting phishing, this technique uses real-time email validation to ensure that the phishing content is only displayed to pre-verified, high-value recipients.

Moreover, the new method excludes any non-valid targets from the phishing process, so the phishing content is never visible to them.

Researchers also noted that the increased adoption of this new method has posed a serious practical difficulty for them. When analysing phishing sites, researchers commonly use fake email accounts to map the credential theft campaign.

However, with this new technique, faulty or test email addresses entered by researchers either generate an error or route them to innocuous websites.

This new tactic affects automated security crawlers and sandboxes used in research, lowering detection rates and extending the life of phishing operations.

 

The new phishing kits employ a couple of basic real-time email validation techniques.

 

The malicious actors that use these new phishing kits employ two basic strategies for real-time email validation. The first involves leveraging third-party email verification services built into the phishing kit to verify the legitimacy of the victim’s address in real time via API calls.

The second method is to include custom JavaScript on the phishing page. This script pings the attacker’s server with the email address victims enter to confirm whether it is on the pre-harvested list. If there is no match, the victim is redirected to a benign website.
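From the defender's side, both strategies leave the same trace in a sandbox or proxy capture: the address leaves the page on its own, before any credential is submitted, and a non-match ends in a redirect to an unrelated site. The following is an added example, not code from the kits or from the researchers' report; the event schema, the `find_validation_gates` name and the sample sessions are assumptions made for illustration, and a hit is a triage signal rather than a verdict.

```python
import re
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PASSWORD_RE = re.compile(r"\bpass(word|wd)?\b|\bpwd\b", re.I)

def site(url):
    # Crude site key (last two host labels); assumption: production code
    # would use a public-suffix list instead.
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def find_validation_gates(events):
    """Flag an email-only lookup followed by a navigation to another site.

    events: ordered dicts from a sandbox or proxy capture (hypothetical schema)
    with 'type' ('request' or 'navigate'), 'url', and for requests 'page'/'body'.
    """
    findings, pending = [], None
    for ev in events:
        if ev["type"] == "request":
            payload = unquote(ev["url"]) + " " + unquote(ev.get("body", ""))
            if EMAIL_RE.search(payload) and not PASSWORD_RE.search(payload):
                pending = ev  # address left the page before any credential did
        elif ev["type"] == "navigate" and pending is not None:
            if site(ev["url"]) != site(pending["page"]):
                findings.append({
                    "page": pending["page"],
                    "lookup": pending["url"],
                    "third_party_lookup": site(pending["url"]) != site(pending["page"]),
                    "redirect": ev["url"],
                })
            pending = None
    return findings

# Constructed sample sessions (reserved .test/.example names, not real captures).
GATED = [
    {"type": "request", "page": "https://login.portal-example.test/",
     "url": "https://login.portal-example.test/check", "body": "email=analyst%40corp.example"},
    {"type": "navigate", "url": "https://www.encyclopedia.example/"},
]
EMAIL_FIRST_LOGIN = [  # legitimate two-step sign-in: stays on the same site
    {"type": "request", "page": "https://id.vendor.example/",
     "url": "https://id.vendor.example/lookup", "body": "email=analyst%40corp.example"},
    {"type": "navigate", "url": "https://id.vendor.example/password"},
]

if __name__ == "__main__":
    for name, session in (("gated", GATED), ("email-first", EMAIL_FIRST_LOGIN)):
        print(name, find_validation_gates(session))
```

The `third_party_lookup` flag separates the first strategy (an address sent to an external verification API) from the second (a lookup against the page's own backend).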

Furthermore, the researchers note that getting around this by simply entering the email address of the person who reported the phishing attempt is frequently hard because of usage restrictions imposed by their customers.

Even if they were permitted to use the actual target’s email address, some campaigns go a step further, delivering a validation code or link to the victim’s inbox after they enter a legitimate email address on the phishing website.

To finish the phishing process, victims must provide the code they received in their email, which security analysts cannot access.

This tactic has major implications for email security solutions, particularly those that rely on traditional detection methods, because they are more likely to fail to alert targets of phishing attempts.

Security providers must embrace new detection tactics that stress behavioural fingerprinting and real-time threat intelligence correlation to keep up with threat actors and their new phishing strategies.
