Phishing Site Impersonates Financial Services Institution

Phishing Site Impersonates Financial Services Institution
Michael Marriott
Read More From Michael Marriott
October 10, 2018 | 3 Min Read

If the infamous bank robber, Willie Sutton, were alive today and honed his cyber skills, he might turn his attention to phishing and domain spoofing. Why? Because, as he once said about banks, “that’s where the money is.”

An IT manager of a multinational financial services (FinServ) holding company experienced this first-hand. He discovered malicious actors targeting his organization through a phishing site impersonating their brand and had the site taken down.

 

Catching Big Phish

Phishing sites are a common way for threat actors to harvest credentials and defraud customers. The barriers to entry for phishing have lowered even more now as attackers can purchase phishing toolkits and phishing pages on criminal forums and marketplaces.

Figure 1: Screen shot of criminal forum listing offering phishing pages for sale (Source: n0va[.]shop)

 

Posing as the official site of the financial institution, they trick users into entering credentials and other valuable information that they can sell on dark web marketplaces or online forums or use themselves to steal from customers or launch subsequent attacks. Whichever way the threat actor chooses to monetize that information, the FinServ institution can lose revenue and suffer reputational damage. Here’s how it works.

 

Figure 2: Screen shot from Digital Shadows SearchLight™ alert of site impersonating Digital Shadows’ website

 

The Hook, Line and Sinker of Domain Spoofing

Hook. Bad actors put significant effort into developing a façade that can fool the casual user. In this case they registered two domains and used typosquatting to make a small change in the URL, changing an “m” to an “rn”, and for the second domain added the suffix “finance”. The content on the landing page of the spoofed site was an exact mirror of the FinServ company’s site.

 

Line. With the site up and ready, the next step is to lure customers or staff to the sites. The threat actors used social engineering to tailor emails and make them as compelling as possible, so unsuspecting recipients would click on a link to the spoofed domain.

 

Sinker. To increase their return on investment, the attacker limited the actual functionality on the site to only what they needed to accomplish their mission. When the user input their username and credentials in the login box, they received an error and were asked to try again later. But the damage was done – the attacker had the credentials in hand to monetize in a variety of ways.

 

How did the IT manager learn their domain was being spoofed and what are they doing to keep it from happening again? See how Digital Shadows SearchLight™ enables organizations to detect and mitigate this type of risk: Test Drive SearchLight™ Free Here.

 

To learn more about identifying which cyber threats to prioritize, where to monitor for leaked intellectual property, and how to access hard-to-reach areas like the dark web, subscribe to our newsletter here.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Cybersecurity Awareness Month: Week 4 – The Future of Connected Devices

Cybersecurity Awareness Month: Week 4 – The Future of Connected Devices

October 28, 2020 | 8 Min Read

This year’s Cybersecurity Awareness Month...
Quarterly Update: Ransomware Trends in Q3

Quarterly Update: Ransomware Trends in Q3

October 19, 2020 | 8 Min Read

As we embark on the final months of 2020,...
Digital Shadows Analysis of Europol’s Cybercrime Report

Digital Shadows Analysis of Europol’s Cybercrime Report

October 14, 2020 | 12 Min Read

In early October 2020, Europol released...
Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

October 14, 2020 | 7 Min Read

This week, National Cyber Security Awareness...
Help your development teams keep their keys safe

Help your development teams keep their keys safe

October 7, 2020 | 3 Min Read

Modern development practices are a blessing...
Four Ways to Validate Credentials in SearchLight

Four Ways to Validate Credentials in SearchLight

September 29, 2020 | 3 Min Read

Amid the billions of credentials that are...
Access Keys Exposed: More Than 40% Are For Database Stores

Access Keys Exposed: More Than 40% Are For Database Stores

September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS...
Revisiting Typosquatting and the 2020 US Presidential Election

Revisiting Typosquatting and the 2020 US Presidential Election

September 2, 2020 | 11 Min Read

In October 2019, Digital Shadows’ Photon...
Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion...
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t...
3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but...
The Complete Guide to Online Brand Protection

The Complete Guide to Online Brand Protection

March 18, 2020 | 17 Min Read

  I’m not one for cheesy belief...
The Ecosystem of Phishing: From Minnows to Marlins

The Ecosystem of Phishing: From Minnows to Marlins

February 20, 2020 | 31 Min Read

YOU JUST WON $1,000. CLICK HERE TO CLAIM YOUR...
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the...
Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

November 7, 2019 | 3 Min Read

This is a guest blog, authored by Matthew...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019 | 15 Min Read

Typosquatting. It’s a phrase most of us know in...
Domain Squatting: The Phisher-man’s Friend

Domain Squatting: The Phisher-man’s Friend

October 1, 2019 | 8 Min Read

In the past we have talked about the internal...
Extortion, Sale, Reconnaissance, & Impersonation: 4 Ways Your Digital Footprint Enables Attackers

Extortion, Sale, Reconnaissance, & Impersonation: 4 Ways Your Digital Footprint Enables Attackers

July 2, 2019 | 6 Min Read

Whether it’s intellectual property, proprietary...
Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor

Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor

June 27, 2019 | 8 Min Read

The announcements of Facebook’s new...
Managing Digital Risk: 4 Steps to Take

Managing Digital Risk: 4 Steps to Take

June 18, 2019 | 9 Min Read

Organizations are finding it increasingly...
Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser

Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser

May 21, 2019 | 6 Min Read

Phishing remains one of the most pervasive...
Cyber Talent Gap: How to Do More With Less

Cyber Talent Gap: How to Do More With Less

May 14, 2019 | 5 Min Read

The challenge facing us today is twofold: not...
Enabling Soi Dog’s Digital Transformation: A Case Study

Enabling Soi Dog’s Digital Transformation: A Case Study

May 8, 2019 | 3 Min Read

At the beginning of this year I was introduced to...
Easing into the extortion game

Easing into the extortion game

April 3, 2019 | 4 Min Read

One of the main ideas which flowed through...
Dark Web Typosquatting: Scammers v. Tor

Dark Web Typosquatting: Scammers v. Tor

March 21, 2019 | 7 Min Read

Time and time again, we see how the cybercriminal...
How to Secure Your Online Brand

How to Secure Your Online Brand

March 20, 2019 | 4 Min Read

What is online brand security? As we outlined in...
Extortion Exposed: Sextortion, thedarkoverlord, and SamSam

Extortion Exposed: Sextortion, thedarkoverlord, and SamSam

February 21, 2019 | 3 Min Read

In our most recent research, A Tale of Epic...
Introducing Our Practical Guide to Reducing Digital Risk

Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing...
Understanding Digital Risk Protection

Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about...
You’ve got a digital strategy, but how are you managing digital risks?

You’ve got a digital strategy, but how are you managing digital risks?

February 7, 2019 | 3 Min Read

Download a free copy of Digital Risk: The...
Security Practitioner’s Guide to Email Spoofing and Risk Reduction

Security Practitioner’s Guide to Email Spoofing and Risk Reduction

January 24, 2019 | 13 Min Read

In our previous extended blog, Tackling Phishing:...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your...
Business Email Compromise: When You Don’t Need to Phish

Business Email Compromise: When You Don’t Need to Phish

October 4, 2018 | 4 Min Read

According to the FBI, Business Email Compromise...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National...
Sextortion – When Persistent Phishing Pays Off

Sextortion – When Persistent Phishing Pays Off

September 6, 2018 | 4 Min Read

You may have heard of a recent surge in...
Five Threats to Financial Services: Phishing Campaigns

Five Threats to Financial Services: Phishing Campaigns

August 8, 2018 | 7 Min Read

In our last blog, we highlighted how banking...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
It’s Accrual World: Tax Return Fraud in 2018

It’s Accrual World: Tax Return Fraud in 2018

March 7, 2018 | 5 Min Read

With just over a month until Tax Deadline Day,...
Protecting Your Brand: Return on Investment

Protecting Your Brand: Return on Investment

February 27, 2018 | 3 Min Read

Last week I was joined by Brett Millar, Director...
Phishing for Gold: Threats to the 2018 Winter Games

Phishing for Gold: Threats to the 2018 Winter Games

February 6, 2018 | 7 Min Read

Digital Shadows has been monitoring major...
Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on...
Groupthink

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek....
NIST Authentication

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past...
Brand Reputation Digital Risk

The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each...
Cyber Threats

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National...
Mobile Threats

Monitoring the Mobile Threat Landscape

April 4, 2017 | 4 Min Read

The UK’s National Cyber Security Centre (NCSC)...
Mobile App Screen

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

March 14, 2017 | 2 Min Read

Organizations face a wide range of risks online,...
Social Media Oversharing

Overexposed and Under-Prepared; The Risks of Oversharing Online

November 8, 2016 | 4 Min Read

I have a confession to make. I know where you...
Email Security

Five Tips For Better Email Security

November 8, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Professional Services Digital Shadows

Digital Risk Monitoring Is A Service, Not a Distinct Capability

October 11, 2016 | 2 Min Read

Digital Shadows was recently recognized as a...
Five Tips To Make Your Passwords Better

Five Tips To Make Your Passwords Better

September 26, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Forrester

Digital Risk Monitoring Can Negate ‘Indicators of Exhaustion’

September 26, 2016 | 2 Min Read

When I first joined Digital Shadows in January, I...