Spotted in the Wild – February 2022

2022 has just begun and we’ve already seen dozens of malicious email campaigns, including those that use spoofed versions of legitimate banking websites to fool people into handing over their banking logins and credit card information.

What Is Website Spoofing?
Website spoofing is a scam where cyber criminals create a website that closely resembles a trusted brand as well as a domain that is virtually identical to a brand’s web domain. The goal of website spoofing is to lure a brand’s customers, suppliers, partners and employees to a fraudulent website and convince them to share sensitive information like login credentials, Social Security numbers, credit card information or bank account numbers.

According to Mimecast, website spoofing attacks have become increasingly prevalent in recent years for two simple reasons: they’re easy to execute and they work.

Even unsophisticated attackers can register a domain that’s very close to the domain of a trusted brand and build a site that looks identical to the brand’s website. Then, using phishing emails, attackers can lure the brand’s customers, partners, and others to the site and trick them into revealing sensitive information.

Here are a few of the spoofed websites and/or phishing emails observed recently:

Spoofed Banking login webpages
An ABSA Bank spoofed login page steals account numbers and PINs.
• The URL in the address bar (www*amsac*pe) confirms that this is a fake site.
• None of the links or options on this page function. The site only allows input and submission of the account number and PIN.

The Standard Bank fake UCount rewards (phishing email).
• The email sender (From) and recipient (To) addresses are identical (not directed at anyone).
• No specific Standard Bank client is mentioned, only the ‘user’ (dear user).
• No ‘Instant Money Promotion’ rewards campaign exists with Standard Bank.
• The email links to a spoofed website which was shut down by the time this campaign was received.

FNB view account statement.
• The original email looks legitimate, but hovering over the link/URL shows an India-based domain.
• The link redirects the user to a spoofed FNB login page.
• The URL in the address bar (www*turkeyrealestate*in) confirms that this is a fake.
• The page is designed to fill only the visible area of the browser window.
• None of the links or options on this page function. The site only allows input and submission of the username and password.

Spoofed Microsoft 365 account error email.
• In this example, a phishing email is designed to look similar to the Microsoft 365 ‘delivery failure notice’ email.
• Hovering the mouse over the links in the email exposes the URL to a non-Microsoft website (http//*kbsendclub*tech) confirming that this is fake.
• The URL/link contained in the email has a second redirect which forwards the browser to an additional URL where the user is asked to log into webmail using their Microsoft 365 account. This is known as ‘Business Email Compromise’, or BEC.

MetaMask (blockchain wallet – cryptocurrency) verify account.
• The sender has no relation to the actual email content (@kingsoffruits*com).
• The email links to a spoofed website which was shut down by the time this campaign was received.

Spoofed EPX Delivery (card stealing).
• The original email advises that a package is pending delivery.
• On accessing the link, the user is asked to pay a fee of R50 (ZAR) using a credit card.
• This scam has been documented to initially ask for a small transfer of R50, but on authorisation transfers thousands of rands from the victim’s bank account.
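
Several of the indicators in the examples above (identical sender and recipient addresses, a generic ‘dear user’ greeting, links whose real host is not the brand’s domain) can be checked mechanically. The following is an added example, not part of the original article; the function name, the brand host list and the sample message are constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the brand really uses (placeholder values, not a real bank).
BRAND_HOSTS = {"bank.example", "www.bank.example"}
GENERIC_GREETINGS = ("dear user", "dear customer", "dear client")

class _Links(HTMLParser):
    """Collect the href of every <a> tag, i.e. where a link really goes."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def phishing_indicators(raw_message, brand_hosts=BRAND_HOSTS):
    """Return the indicators from the examples above found in raw_message."""
    msg = email.message_from_string(raw_message)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    found = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        found.append("sender and recipient identical")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    parser = _Links()
    parser.feed(body)
    for href in parser.hrefs:
        # Compare the link target's host, not the text shown to the reader.
        host = (urlsplit(href).hostname or "").lower()
        if host not in brand_hosts:
            found.append(f"link host not a brand domain: {host}")
    return found

# Constructed sample message (not a real campaign).
SAMPLE = """From: rewards@bank.example
To: rewards@bank.example
Subject: Instant Money Promotion
Content-Type: text/html; charset=utf-8

<p>Dear user, claim your reward:
<a href="http://login.spoof.example/claim">www.bank.example/rewards</a></p>
"""
if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

An empty result only means that none of these three indicators matched; it does not show that a message is genuine.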

In summary, cyber attackers are crafty, delivering increasingly well-crafted phishing campaigns and spoofed websites to unsuspecting victims, which makes it exceedingly difficult to tell the real from the fake.

Studies suggest that incidents like these will continue to occur and improve over time because they are scalable and profitable.

One needs to pay attention to the following aspects to avoid getting compromised in this manner:
• Be cautious when opening emails and clicking on links that seem too good to be true.
• Never respond to a potential phishing email or message.
• Report malicious content.
• Contact the company or service directly to confirm that it is genuine (optional).