New Phishing Technique Targets High-Value Victims with Precision and Real-Time Validation


By Tina Reynolds


Cofense researchers have recently discovered a credential phishing scheme known as precision-validating phishing. This approach attempts to verify stolen data by linking it to real, live accounts across the internet. The scheme leverages real-time email validation to deliver counterfeit email login interfaces, and it specifically targets the individuals of highest value, making the attack that much more effective.

The precision-validating phishing campaign targets victims with a two-pronged approach. It leverages an embedded URL that deceptively appears to point to a PDF file on a legitimate file storage service called files.fm. This PDF file will be removed shortly after it is viewed, which adds a new twist to the scam’s complexity. As a result, the threat actors improve their chances of harvesting valuable credentials.

The Mechanics of Precision-Validating Phishing

Cofense’s research suggests that precision-validating phishing is primarily used for credential theft. It verifies that the collected data correlates with real, active online accounts. Scammers rely on real-time validation checks of email addresses to home in on the highest-value targets. This methodology increases the likelihood that the stolen credentials come from highly active accounts.

“It increases the efficiency of the attack and the likelihood that stolen credentials belong to real, actively used accounts, improving the quality of harvested data for resale or further exploitation,” – Cofense

This approach is a stark departure from conventional phishing operations, which typically take a shotgun approach and hit as many people as possible without a specific target in mind. With precision-validating phishing, attackers select their targets deliberately and pursue them with much more precision.

Targeting High-Value Victims

Because the campaign targets high-value individuals, only select recipients are sent the fake login screens. By limiting themselves to a more specific audience, the threat actors can focus their efforts on attacks that are much more likely to succeed. This is the most chilling aspect of the tactic, and it indicates a slightly more sophisticated attempt to target high-value accounts for compromise.

“Both options lead to the same outcome, with similar goals but different approaches to achieving them,” – Cofense

The embedded URL looks like a link to an actual PDF file. Instead, it redirects victims to a fraudulent login page. The impending deletion of the one-page PDF file adds urgency, putting the victim on a tight deadline and making the decision even harder to navigate.
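A static triage of the lure described above, as an added example that is not from Cofense or the original article: it flags a message whose link text names a files.fm PDF while the href goes elsewhere, and notes deletion-deadline wording. The sample messages, the host login-portal.example, the finding names and the urgency phrases are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrasing for the deletion deadline; adjust to what your mail flow shows.
URGENCY = re.compile(r"\b(?:will be|about to be|scheduled to be) (?:deleted|removed)\b", re.I)
# A host followed by a path inside the visible link text, e.g. files.fm/u/...
SHOWN_URL = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})/", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a>, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def triage(html_body):
    """Return sorted finding codes for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = set()
    if URGENCY.search(" ".join(parser.text)):
        findings.add("deletion-urgency")
    for href, shown in parser.links:
        target = urlparse(href)
        real = (target.hostname or "").lower()
        m = SHOWN_URL.search(shown)
        host = m.group(1).lower() if m else None
        # Visible text shows one host, the href resolves to another.
        if host and real != host and not real.endswith("." + host):
            findings.add("link-text-host-mismatch")
        # Visible text promises a PDF, the href path is not a PDF.
        if ".pdf" in shown.lower() and not target.path.lower().endswith(".pdf"):
            findings.add("pdf-lure-non-pdf-target")
    return sorted(findings)

# Constructed samples, not taken from the campaign; login-portal.example is a placeholder.
PHISH = ('<p>Your shared file will be deleted in 24 hours.</p><a href="https://'
         'login-portal.example/view?id=1">https://files.fm/u/abcd1234/Statement.pdf</a>')
BENIGN = ('<p>Here is the report we discussed.</p><a href="https://files.fm/u/'
          'abcd1234/Statement.pdf">files.fm/u/abcd1234/Statement.pdf</a>')
```

A clean result only means the markup is consistent; a link that really points at the file host and redirects afterwards needs URL detonation or proxy logs to catch.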

Implications for Online Security

As phishing tactics keep growing and changing, people and businesses need to stay alert to these complex attacks. Real-time email validation combined with targeted triage strategies is leveling the playing field against attackers. The changing landscape requires even stronger security to protect sensitive information.

Cofense has always stressed that awareness and education are the first lines of defense in the fight against these emerging threats. It all starts with users being vigilant when clicking on unfamiliar emails or redirects, particularly those that attempt to drum up a sense of urgency.

“Almost as if the threat actor intentionally designed the attack to trap the user, forcing them to choose which ‘poison’ they will fall for,” – Cofense