Hold Up That Legitimate Website Could Be a Trick to Steal Your Passwords
Hold Up! That Legitimate Website Could Be a Trick to Steal Your Passwords GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security
Mykyta Dolmatov / Getty Images Just because a legitimate service asks for your login credentials doesn't mean you aren't being gamed. According to researchers at Unit 42, the cybersecurity arm of Palo Alto Networks, cybercriminals are increasingly abusing true-blue software-as-a-service (SaaS) platforms, including various website builders and form builders, to host phishing pages. Using these above-board services helps fraudsters bring an air of legitimacy to their scams. "It's very clever because they know we can't [blocklist] the likes of Google and other [tech] giants," Adrien Gendre, Chief Tech and Product Officer with email security vendor, Vade Secure, told Lifewire over email. "But despite the fact that it is more difficult to detect phishing when a page is hosted on a high-reputation website, it is not impossible."
Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire What Is a 401 Unauthorized Error and How Do You Fix It? Protect Yourself From Malicious QR Codes How to Send a Form via Email How to Remove Your Information From the Web Can a Router Get a Virus? Are iPads Really That Safe from Viruses and Malware? How to Manage AutoComplete in Internet Explorer 11 The 4 Best Slack Security Tips to Keep Your Team Chats Safe 8 Tips on Basic Computer Safety What Is 'Whaling?' How to Remove That Microsoft Warning Alert How to Add PDF Files to Websites A Brief History of Malware How to Create a Strong Password Top 20 Internet Terms for Beginners Why We Fall for Texting Scams (and How to Stop) Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies
Hold Up! That Legitimate Website Could Be a Trick to Steal Your Passwords
Nothing a little vigilance can’t defeat
By Mayank Sharma Mayank Sharma Freelance Tech News Reporter Writer, Reviewer, Reporter with decades of experience of breaking down complex tech, and getting behind the news to help readers get to grips with the latest buzzwords. lifewire's editorial guidelines Published on August 29, 2022 12:12PM EDT Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Fraudsters are increasingly relying on genuine services, like website builders, to host phishing campaigns, researchers have discovered. They believe using such legitimate services tends to make these scams appear credible.People can still detect these scams by looking for some telltale signs, suggest phishing experts.Mykyta Dolmatov / Getty Images Just because a legitimate service asks for your login credentials doesn't mean you aren't being gamed. According to researchers at Unit 42, the cybersecurity arm of Palo Alto Networks, cybercriminals are increasingly abusing true-blue software-as-a-service (SaaS) platforms, including various website builders and form builders, to host phishing pages. Using these above-board services helps fraudsters bring an air of legitimacy to their scams. "It's very clever because they know we can't [blocklist] the likes of Google and other [tech] giants," Adrien Gendre, Chief Tech and Product Officer with email security vendor, Vade Secure, told Lifewire over email. "But despite the fact that it is more difficult to detect phishing when a page is hosted on a high-reputation website, it is not impossible."
Genuine Fakes
Using legitimate services to trick users into handing over their login credentials isn’t new. However, researchers have noticed a massive increase of over 1100% in using this strategy between June 2021 and June 2022. Besides website and form builders, the cyber crooks are exploiting file sharing sites, collaboration platforms, and more. According to the researchers, the rising popularity of genuine SaaS services among cybercriminals is mostly because pages hosted in these services aren’t usually flagged by various fraud and scam filters, neither in the web browser nor in email clients. Furthermore, not only are these SaaS platforms easier to use than to create a website from scratch, but they also enable them to quickly switch to a different phishing page should one be taken down by law enforcement agencies. This abuse of genuine services for phishing doesn't surprise Jake, a Senior Threat Hunter at a Threat Intelligence company, who specializes in credential phishing, and who doesn't want to be identified as he investigates active phishing campaigns. While he agrees that it usually takes a little more effort to detect such abuse, it isn't impossible, adding that these legitimate services are often keener to act on abuse reports, making it much easier to take down malicious sites. In a discussion with Lifewire over Twitter, Jake said most phishing campaigns, including those hosted on legitimate services, have some obvious tell-tale signs for anyone paying attention. "These legitimate services often have banners or footers which threat actors can't remove, so sites such as Wix have a banner across the top, Google forms has a footer stating to never enter passwords into forms, etc.," said Jake.Eyes Peeled
Building on that, Gendre says that while the domain might be trusted, the phishing page will likely have some anomalies in the URL and the content of the page itself. Jake agrees, adding that, for starters, the page phishing for credentials will still be hosted on the abused website rather than the service whose credentials are being sought. For instance, if you find a password reset page for Gmail hosted on the website of a website builder like Wix, or a form builder like Google Forms, you can rest assured you’ve landed on a phishing page. bagotaj / Getty Images Moreover, with a little alertness, these attacks can be nipped in their bid, suggest the researchers. Just like other phishing attacks, this one too begins with a fraudulent email. "Users should be wary of any suspicious emails that use time-sensitive language to prompt a user to take some sort of urgent action," said the Unit42 researchers. Gendre believes people's biggest weapon against such attacks is patience, explaining that "people tend to open and respond to emails very quickly. Users should take the time to read and inspect the email to determine whether something is suspicious." Jake, too, suggests people don't click on links in emails and instead visit the website of the service that has apparently sent the email, either by entering its URL directly or through a search engine. "If you are able to use a password manager, these products are able to match the target URL with the current page you're using, and if they don't match, it won't enter your password, which should raise alarm bells," said Jake.Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire What Is a 401 Unauthorized Error and How Do You Fix It? Protect Yourself From Malicious QR Codes How to Send a Form via Email How to Remove Your Information From the Web Can a Router Get a Virus? Are iPads Really That Safe from Viruses and Malware? How to Manage AutoComplete in Internet Explorer 11 The 4 Best Slack Security Tips to Keep Your Team Chats Safe 8 Tips on Basic Computer Safety What Is 'Whaling?' How to Remove That Microsoft Warning Alert How to Add PDF Files to Websites A Brief History of Malware How to Create a Strong Password Top 20 Internet Terms for Beginners Why We Fall for Texting Scams (and How to Stop) Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies