7.2 C
London
Monday, November 11, 2024

Criminals Use Search Engine Poisoning to Increase Phishing Pages


Phishing Attacks MisuseResearchers at Malwarebytes warn that cybercriminals are utilizing search engine poisoning to spice up phishing pages to the highest of Bing’s search outcomes. 

The researchers discovered once they searched “KeyBank login” in Bing, a spoofed KeyBank login web page appeared above KeyBank’s official web site.

“The area title used is ixx-kexxx[.]com which was registered on November 15,” the researchers write. “On condition that it’s only two weeks outdated and but got here up earlier than ibx.key.com (the true web site), we surmise that the attackers are abusing Bing’s search algorithms.”

After clicking the hyperlink, customers will probably be redirected to a convincingly spoofed model of KeyBank’s web site, the place they’ll be requested to enter their username and password. If the consumer complies, the location will present a “sluggish connectivity” message whereas the crooks enter the stolen credentials on KeyBank’s actual web site.

Notably, the criminals added a second web page that asks for the consumer’s multi-factor authentication (MFA) code. If the consumer has MFA enabled, they’ll obtain a immediate after the crooks try to log in with the stolen credentials.

Whereas MFA provides a precious layer of protection, individuals ought to know that attackers can nonetheless use social engineering to trick them into handing over their MFA codes.

“Multi-factor authentication remains to be extremely really helpful, however customers needs to be conscious that criminals can immediately ask for verification codes whereas pretending to be the true financial institution,” Malwarebytes says.

“We must also be aware that SMS verification is likely one of the weakest strategies for two-factor authentication. Safety questions (normally 3 of them) are additionally used to both reset a password or for another verification goal (possibly a login from a brand new browser or location). This phishing equipment additionally asks the victims to enter that info.”

KnowBe4 empowers your workforce to make smarter safety choices each day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.

Malwarebytes has the story.



Latest news
Related news

LEAVE A REPLY

Please enter your comment!
Please enter your name here