Over 50,000 fake login pages were detected in the first half of 2020, with some able to be polymorphic and represent different brands.
According to research from
Ironscales, fake login pages are commonly used to support hacks and spear-phishing campaigns, and its researchers found more than 200 of the world’s most prominent brands were spoofed with fake login pages.
It also found nearly 5% (2500) of the 50,000+ fake login pages were polymorphic, with one fake login able to represent more than 300 different login pages.
Ironscales’ Brendan Roddas explained polymorphism occurs when an attacker implements “slight but significant and often random change to an emails’ artifacts, such as its content, copy, subject line, sender name or template in conjunction with or after an initial attack has deployed.”
This allows attackers to quickly develop phishing attacks that trick signature-based email security tools that were not built to recognize such modifications to threats, ultimately allowing different versions of the same attack to land undetected in employee inboxes. In this research, Microsoft and Facebook led the list with 314 and 160 permutations, respectively.
The research also determined the brand with the largest number of fake login pages to be PayPal with 11,000, followed by Microsoft with 9500 and Facebook with 7000.