That is the key question behind a new, sophisticated phishing technique recently discovered by cybersecurity firm Cofense, which they are calling precision-validating phishing. This approach flips the script on credential theft tactics. It employs real-time email validation to ensure that stolen credentials check out against legitimate online accounts. Attackers have found ways to deploy this technique to increase the effectiveness of their operations. Of greater importance, though, is how much they improve the quality of the data they collect.
This precision-validating phishing scheme only focuses on high-value targets. It doesn’t send them willy-nilly – it sends fake login screens only to a carefully chosen group of victims. This method even makes it more likely that any pilfered credentials go toward currently active accounts. Consequently, it highly increases the incentive on reselling or otherwise exploiting this information.
Mechanism of Attack
Cofense’s important new discovery sheds light on how this phishing campaign works, which focuses on a two-pronged attack strategy. The second component is real-time email validation. It verifies the validity of an email account prior to displaying a phishing login page custom-tailored for high value targets. This tactic increases threat actors’ likelihood of successfully achieving usable credentials. It helps to ensure that a sender is only hitting a pre-harvested list of valid email accounts.
On the first level, this attack is leveraged through an embedded URL that automatically downloads a PDF file. This demo is made available on the very secure file storage platform files.fm. It contains code telling it to erase itself after a set number of days. By hiding their phishing attempt in a legitimate service, the attackers make it less likely that their phishing attempt will be detected by cybersecurity defenses.
“It increases the efficiency of the attack and the likelihood that stolen credentials belong to real, actively used accounts, improving the quality of harvested data for resale or further exploitation,” – Cofense
Implications for Cybersecurity
This new precision-validating phishing technique represents one of the greatest existential challenges for the individual and organization ever seen. Attackers are always sharpening their tools. This goes on to pose a high risk of credential theft, particularly to high-value targets that may be unprepared or not attuned to such advanced and well-designed schemes.
Cofense notes that this new type of phishing is almost as if “the threat actor intentionally designed the attack to trap the user, forcing them to choose which ‘poison’ they will fall for.” This suggests that users must remain vigilant and exercise caution when interacting with unsolicited emails or messages that request sensitive information.
Additionally, both of these options offered in these phishing emails will ultimately take you to the same place – just via different methods. Attackers are always changing their tactics, techniques, and procedures. Thus, organizations need to commit resources toward comprehensive training and awareness programs that equip users to identify and mitigate these constantly evolving threats.
Recommended Preventative Measures
In order to counteract this surging precision-validating phishing campaign threat, cyber security experts advise the following preventive tips. To address these threats, organizations need to improve upon their email filtering solutions to better detect anomalous behavior. This will greatly reduce the likelihood of phishing emails getting through to employees.
Implementing multi-factor authentication (MFA) significantly increases the protection of your online accounts. This additional layer complicates things a great deal for attackers attempting to break into your accounts, even with your credentials in hand. Routine training programs that keep employees up to date on the most recent threats can help reinforce protections against these increasingly sophisticated phishing attacks.