Cybersecurity researchers from Akamai have spotted a new phishing campaign that targets consumers in the United States with fake holiday offers. The goal of the campaign is to steal sensitive identity credentials like credit card information, and ultimately their money.
The threat actors are creating landing pages that impersonate some of the biggest brands in the US, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.
The landing page, often hosted on reputable cloud services like Google or Azure, directs users to complete a short survey, after which they’d be promised a prize. The survey would also be time-limited to five minutes, using urgency to draw people’s attention away from potential red flags.
Unique phishing URLs
After completing the survey, the victims would be pronounced “winners”. The only thing they’d now need to do, in order to receive their prize, is to pay for the shipping. This is where they’d give away their sensitive payment information, to be later used by the attackers in different ways.
However, what makes this campaign unique is its token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions.
As the researchers explain, the system helps redirect each victim to a unique phishing page URL. The URLs differ based on the victim’s location, as crooks look to impersonate locally available brands.
“This value will also be missed if viewed by a traffic inspection tool.”
Cybersecurity solutions overlook this token, helping threat actors keep a low profile. On the other hand, researchers, analysts, and other unwanted visitors, are kept away, as, without the proper token, the site won’t load.
Via: BleepingComputer (opens in new tab)