Akamai cybersecurity researchers have discovered a new element phishing Campaign targeting US consumers with fake holiday offers. The aim of the campaign is sensitive theft identification Credentials such as credit card information, and their money in the end.
Threat actors create landing pages impersonating some of the largest brands in the United States, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.
The landing page, often hosted on reputable cloud services such as Google, or Azure, directs users to complete a short survey, after which they will be promised a prize. The survey will also be timed to five minutes, using urgency to draw people’s attention away from potential red flags.
Unique phishing URLs
After completing the survey, the victims will be declared “winners”. The only thing they have to do now, in order to claim their prize, is pay for shipping. This is where they provide their sensitive payment information, for later use by attackers in various ways.
However, what makes this campaign unique is its token-based system that allows it to fly under the radar and not be picked up by cyber security solutions.
As the researchers explain, the system helps redirect each victim to a unique URL of the phishing page. URLs vary based on the victim’s location, as scammers look to impersonate locally available brands.
This value will also be lost if it was returned by the traffic inspector.
Cyber security solutions overlook this token, which helps threat actors stay out of sight. On the other hand, searchers, analysts, and other unwanted visitors are kept away, because without the appropriate code, the site will not load.
Across: Computer (Opens in a new tab)