Akamai cybersecurity researchers have uncovered a new phishing campaign targeting consumers in the United States with fake holiday deals. The aim of the campaign is to steal sensitive data such as credit card information and, ultimately, the victims' money.
Threat actors create landing pages that impersonate some of the biggest brands in the US, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.
The landing page, often hosted on reputable cloud services such as Google or Azure, directs users to complete a short survey, after which they are promised a reward. The survey is also limited to five minutes, using urgency to distract people from potential red flags.
Unique phishing addresses
After completing the survey, the victims are declared “winners”. All they have to do to get their reward is pay for shipping. This is where they enter their sensitive payment information, which the attackers later use in various ways.
However, what makes this campaign unique is the token-based system that allows it to fly under the radar, undetected by cybersecurity solutions.
As the researchers explain, the system helps redirect each victim to a unique phishing page URL. The URLs vary depending on the victim’s location as scammers try to impersonate locally available brands.
“This value will also be skipped if displayed by the traffic control tool.”
Cybersecurity solutions skip over this token, which helps the cybercriminals stay discreet. At the same time, researchers, analysts and other unwanted visitors are kept away, because without the right token the page will not load.
By: BleepingComputer