Evasion Techniques in Phishing Attacks


August 22, 2017, by Fernando Barbosa


We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the Apple ID store and asks for your login information to proceed? This tactic is called phishing, and attacks are exponentially on the rise.

Used by hackers to encourage unsuspecting victims to hand over their data, these deceptive email campaigns, SMS alerts, and fake websites are often designed to look and sound authentic. Cybercriminals use these social engineering tactics to trick people into providing sensitive information such as credit card data and login credentials.

Growth & Sophistication

Last year, we covered how modern web phishing works and discussed the complexity and technical details of advanced phishing attacks.

The growth of phishing attacks has been dramatic and continues to increase. In the latest State of the Phish report, 76.5% of security professionals said they were a victim of a phishing attack in 2016.

The Institute of Information Security Professionals (IISP) recently conducted a poll and discovered that 81% of their members believed people to be the largest challenge facing security professionals.

In January 2017, Firefox and Chrome began flagging HTTP login pages as insecure in an attempt to make phishing pages more recognizable. Shortly afterward, anti-phishing company Netcraft’s Paul Mutton noted that HTTPS phishing sites increased threefold, suggesting that fraudsters are quick to adapt and that users should continue to tread cautiously.

One of the biggest challenges our researchers have identified is that website owners are simply unaware of the fact that their websites may be hacked and serving phishing pages or other nefarious assets.

As attacks become more sophisticated, these social engineering techniques can pose a significant threat to users, organizations, and website owners like yourself.

Phishing Websites & Evasion Techniques

During a recent incident response, we identified a phishing directory called “login-apple-account” on a customer’s website. When accessing the path via HTTP, users were taken to a very convincing spoof of the Apple ID website:

[Image: Apple ID phishing attack page]

What made this attack special was that the campaign implemented several different evasion techniques, making it difficult for authorities to detect and blacklist it.

The page was displayed on a conditional basis, redirecting search engines, antivirus, and anti-phishing companies to the official Apple ID website.

The “login-apple-account/assets/includes/netcraft_check.php” file, for instance, prevented access to the malicious page if the user-agent matched Netcraft.

In this example, the user-agent would simply be redirected to a Google search result page instead:

[Image: Snippet that redirects user agents to Google]

Other files included a carefully curated list of antivirus and anti-phishing IP addresses whose access to the page was blocked.

[Image: IP ranges blocked by hackers in phishing attacks]

By restricting these IPs, the hackers were able to prevent the discovery and blacklisting of the malicious page during regular website crawls.
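From the site owner's side, both kinds of gate described above (a user-agent check naming a security crawler, and a hard-coded IP list) leave recognizable traces in PHP source. The following is an added example, not Sucuri's scanner or code from the incident: a small heuristic that flags `.php` files combining a visitor check with a redirect or denial. The pattern lists, function names and sample snippets are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic patterns chosen for this example (assumptions, not a vendor ruleset).
CRAWLER_NAMES = re.compile(r"netcraft|phishtank|googlebot|safebrowsing", re.I)
REDIRECT_OR_DENY = re.compile(r"header\s*\(\s*['\"](?:Location:|HTTP/1\.[01] 40[34])", re.I)
IPV4_LITERAL = re.compile(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}(?:\.\d{1,3})?(?:/\d{1,2})?")
MIN_IP_LITERALS = 5  # a handful of hard-coded ranges suggests a blocklist

def analyze_php(source: str) -> set:
    """Return the cloaking-related signals present in one PHP source string."""
    signals = set()
    if "HTTP_USER_AGENT" in source:
        signals.add("reads_user_agent")
    if re.search(r"REMOTE_ADDR|HTTP_X_FORWARDED_FOR", source):
        signals.add("reads_client_ip")
    if CRAWLER_NAMES.search(source):
        signals.add("names_security_crawler")
    if REDIRECT_OR_DENY.search(source):
        signals.add("redirects_or_denies")
    if len(IPV4_LITERAL.findall(source)) >= MIN_IP_LITERALS:
        signals.add("embeds_ip_list")
    return signals

def is_cloaking(signals: set) -> bool:
    """Flag only when a visitor check is combined with a divert action."""
    ua_gate = {"reads_user_agent", "names_security_crawler"} <= signals
    ip_gate = {"reads_client_ip", "embeds_ip_list"} <= signals
    return "redirects_or_denies" in signals and (ua_gate or ip_gate)

def scan_webroot(root) -> dict:
    """Map each suspicious .php file (path relative to root) to its signals."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        signals = analyze_php(path.read_text(errors="replace"))
        if is_cloaking(signals):
            findings[path.relative_to(root).as_posix()] = sorted(signals)
    return findings

# Constructed sample inputs for the demo, not code recovered from the incident.
SAMPLE_UA_GATE = """<?php if (stripos($_SERVER['HTTP_USER_AGENT'], 'netcraft') !== false) {
    header('Location: https://www.google.com/'); exit; }"""
SAMPLE_BENIGN = "<?php header('Location: /login.php'); // plain redirect, no visitor check"

if __name__ == "__main__":
    for sample in (SAMPLE_UA_GATE, SAMPLE_BENIGN):
        print(sorted(analyze_php(sample)), is_cloaking(analyze_php(sample)))
```

A hit is a lead for manual review rather than a verdict: legitimate bot-handling code can trip the same signals, and obfuscated kits will not match plain-text patterns.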

Detecting & Remediating Phishing Attacks

Phishing injections can be difficult to detect. It’s imperative that website owners actively monitor the integrity of their files and directories. To identify whether a website has been flagged, you can check PhishTank, a collaborative clearinghouse for data and information about phishing, operated by OpenDNS.

Removing the phishing directory is not enough to permanently resolve the issue. You also have to look for any backdoors within the website’s files and keep your software updated.

If you’re a website owner and suspect that your website may be involved in a phishing campaign, Sucuri’s server-side scanner can detect and alert you to potential issues. Our monitoring services will check blacklisting status on PhishTank and Google on a daily basis to detect whether a website has been flagged or is serving dangerous or deceptive content.

Struggling with a phishing attack or deceptive content warning on your website? Our malware removal experts would love to give you a hand!


Categories: Security Education, Website Security
Tags: Conditional Malware, Hacked Websites, Malware Cleanup, Phishing

About Fernando Barbosa

Fernando Barbosa is Sucuri's Software Development Manager who joined the company in 2012. Fernando's main responsibilities include leading Sucuri's backend teams and engineering solutions for our suite of security products. His professional experience also covers five years of malware analysis and incident response. When Fernando isn't working, you might find him having good times with his family.
