According to research from Ironscales, fake login pages are commonly used to support hacks and spear-phishing campaigns, and its researchers found more than 200 of the world’s most prominent brands were spoofed with fake login pages. In total, the company found over 50,000 fake login pages in the first half of 2020, with some able to be polymorphic and represent different brands. Per the company, the largest number of fake login pages were had at PayPal (11,000), Microsoft (9,500), and Facebook (7,000).
With the shift to work and learn from home as a result of the pandemic, we would not be surprised to hear more about fake login pages as well as the phishing attacks that lead people to them in the coming months. All in all, another aspect of the attacks that will continue to spur demand for cybersecurity and data privacy solutions.
It also found nearly 5% (2500) of the 50,000+ fake login pages were polymorphic, with one fake login able to represent more than 300 different login pages.
Ironscales’ Brendan Roddas explained polymorphism occurs when an attacker implements “slight but significant and often random change to an emails’ artifacts, such as its content, copy, subject line, sender name or template in conjunction with or after an initial attack has deployed.”
This allows attackers to quickly develop phishing attacks that trick signature-based email security tools that were not built to recognize such modifications to threats, ultimately allowing different versions of the same attack to land undetected in employee inboxes. In this research, Microsoft and Facebook led the list with 314 and 160 permutations, respectively.