Abusing Users’ Trust
Email protection firm Armorblox recently identified a credential theft phishing attack targeting over 20,000 users at a national institution within the education industry. The attack leveraged several common techniques to convince the user that the email and linked login page were legitimately associated with Instagram. This example takes advantage of human nature in the same way as several abuse-of-trust attacks we’ve detailed previously in this blog.
The initial email sent by the attackers contained the Instagram and Meta logos and utilized URLs containing the word “Instagram” to take advantage of users’ trust in the Instagram and Meta brands as a lure for the user to log in and “secure your account”. Because the email utilized URLs that could appear legitimate, and because the lure email looked legitimate and was free of the spelling and grammar errors typically used to spot phishing emails, several techniques taught by cybersecurity training programs would be ineffective at getting users to report the email as a phishing attack.
Next, the web page that the email linked to also appeared professional and legitimate, utilizing the Instagram and Facebook logos as well as several legitimate Instagram links to make the page appear credible. The technique also preyed on the user’s concern that their Instagram account had already been compromised by alerting the user that there had been an “unusual login” and that they needed to enter their old password in order to change it. Of course, this was all a ruse to capture the user’s “old” password.
How Does ConcealBrowse Stop Credential Theft by Phishing?
Fortunately, ConcealBrowse can stop this type of phishing attack in its tracks by providing multiple levels of protection. First, any links users click are scanned by Conceal’s decision engine, which is built on advanced threat intelligence and assigns risk rankings to both reported and unreported infrastructure. Any known or suspected phishing sites are blocked before they are opened.
Next, ConcealBrowse’s AI-based phishing protection can identify phishing pages by comparing logos on the page with known domain names for the displayed company. In this case, even if the phishing page had never been reported as malicious, ConcealBrowse would have identified the fact that it did not reside on valid Instagram infrastructure – despite containing the Instagram logo – and blocked the user from providing credentials.
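The logo-versus-domain comparison described above can be sketched as follows. This is an added example, not Conceal's code: the brand allowlist and the sample URLs are constructed, and the logo names are assumed to come from a hypothetical upstream image classifier.

```javascript
// Added example: constructed allowlist; logo detection is assumed to run upstream.
const BRAND_DOMAINS = {
  instagram: ["instagram.com"],
  facebook: ["facebook.com"],
  meta: ["meta.com"],
};

// True when host is the domain itself or a subdomain of it (match on a label boundary),
// so "instagram.com.verify.example" does not count as Instagram infrastructure.
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function ownedBrands(host) {
  return Object.keys(BRAND_DOMAINS).filter((brand) =>
    BRAND_DOMAINS[brand].some((d) => hostBelongsTo(host, d)));
}

// pageUrl: string; logosOnPage: brand names reported by the (hypothetical) classifier;
// hasPasswordField: whether the page asks the user for credentials.
function assessPage(pageUrl, logosOnPage, hasPasswordField) {
  let url;
  try { url = new URL(pageUrl); } catch { return { verdict: "block", reasons: ["unparseable URL"] }; }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const owned = ownedBrands(host);
  const reasons = [];

  // Known brand logos are shown, but the host belongs to none of those brands.
  // (A real instagram.com page may also show a Meta logo, so one match is enough.)
  const known = logosOnPage.map((b) => b.toLowerCase())
    .filter((b) => Object.keys(BRAND_DOMAINS).includes(b));
  const logoMismatch = known.length > 0 && !known.some((b) => owned.includes(b));
  if (logoMismatch) reasons.push("logo/domain mismatch: " + known.join(","));

  // Brand name appears in the URL as a lure on a host no listed brand owns.
  const text = (host + url.pathname).toLowerCase();
  const lure = Object.keys(BRAND_DOMAINS).filter((b) => text.includes(b));
  const keywordLure = owned.length === 0 && lure.length > 0;
  if (keywordLure) reasons.push("brand keyword in URL: " + lure.join(","));

  if (host.split(".").some((l) => l.startsWith("xn--"))) reasons.push("punycode label in host");
  if (url.protocol !== "https:") reasons.push("not HTTPS");

  let verdict = "allow";
  if (logoMismatch && hasPasswordField) verdict = "block";
  else if (logoMismatch || keywordLure) verdict = "warn";
  return { verdict, reasons };
}
```

The suffix match stands in for a proper registrable-domain lookup against the Public Suffix List, which a production check would use together with a maintained list of each brand's domains.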
All of this powerful functionality is delivered in a simple plug-and-play package that requires minimal setup and configuration for your IT or security teams. In addition, information derived from our intelligence engine about visited URLs is available via our advanced telemetry feeds, and can be easily integrated into the rest of your security stack.
As social engineering gets more and more advanced, it will become ever more important to have the right tools to keep your network safe from phishing and ransomware.