Email protection firm Inky recently reported on a credential harvesting campaign targeting customers of Ring, the company famous for doorbells and other smart home security products. In addition to harvesting users’ Ring credentials, the attackers also utilized common phishing techniques to harvest credit card information of the victims.
While the report doesn’t provide information on the rate of success for the attack, Ring products can be used to capture video both inside and outside of homes, on car dashcams, and to provide other data about the inside of a home and its security measures. It’s also possible to control smart door locks via the Ring app, meaning that an attacker with Ring credentials could gain physical access to a home. Access to a Nest account could be a goldmine for all kinds of attacks, both technical and physical.
The attackers relied primarily on common phishing techniques, like hiding their malicious URL under a visible link that tricked users into thinking they were clicking on a legitimate Ring URL while they were actually visiting a malicious one. The credential harvesting sites also utilized Ring logos and branding in an attempt to make the site appear more legitimate.
While these types of phishing attacks are common, they can often be stopped by email-based anti-phishing tools. To get around these protections, the attackers delivered their malicious link inside of an HTML file attached to the email. Clicking the attachment opened the local file in the web browser and presented the user with the link to the online phishing page. So, instead of clicking on the malicious link in the email client where existing anti-phishing products typically operate, the malicious link is opened in the browser, which typically has less protection.
How Can Phishing Attacks be Stopped in the Browser?
Fortunately, ConcealBrowse hardens the browser regardless of where a malicious link is clicked. In the case of this attack against Ring users, the initial HTML file might have escaped traditional email-based security tools, but ConcealBrowse would scan the malicious URL, identify it as a phishing attack, and prevent users from providing their sensitive credentials and credit card data.
Written by: Conceal Research Team