99 Phishing Sites but Microsoft Did Not Leave One
A phishing website is a wonderful instrument for virtual schemers. Once a phishing website is set up, the attackers can trick gullible visitors into disclosing personal information or interacting with unreliable or even malicious content (e.g., links, buttons, and ads). While schemers can build unique phishing websites, they can also build websites that look similar or even identical to well-known and popular ones. In this report, we focus on the websites that used the good name of Microsoft to lure in victims. Recently, the company revealed on its blog that it took control of 99 websites linked to a malicious hacking group. Continue reading, and you will learn how to recognize phishing websites, as well as how to protect your virtual identity against vicious schemers.
Microsoft vs. Phosphorus
Phosphorus is one of the names by which a hacking group believed to be from Iran is known. Other aliases include Ajax, APT 35, and Charming Kitten. This group is responsible for the 99 websites that have been taken down, which was done after a ruling of the U.S. District Court for Washington D.C. According to Microsoft, the group has been tracked by Microsoft’s Digital Crimes Unit and the Microsoft Threat Intelligence Center since 2013, and by taking over the malicious websites, they were able to stop successful cyberattacks. These websites used domain names similar to those of Microsoft websites, but, of course, they were set up to work as phishing tools, and it is reported that they were used either to extract passwords and sensitive information or to drop malware.
According to the Microsoft blog post, Phosphorus would perform spear-phishing attacks using social engineering scams to lure users in. The targeted users would be tricked into clicking on corrupted links – in some cases, sent via fake social media profiles – that would redirect to malicious websites and help the criminals perform successful phishing attacks. The schemers could also send misleading spam emails warning the targets about alleged security issues and, later on, push them to disclose login credentials via fake web forms. It is not surprising that, to make the phishing attack less suspicious, the attackers chose to set up fake websites. When a scam website looks like a Microsoft website, the victim is automatically less cautious. The company reported that phishing attacks by Phosphorus were delivered using websites whose URLs included the names of legitimate websites, including myaccount-services.net, outlook-verify.net, verification-live.com, and yahoo-verify.net.
Now, if you accidentally visit one of the 99 malicious websites used in phishing attacks by Phosphorus, you are automatically redirected to the Digital Crimes Unit’s sinkhole. Unfortunately, that does not mean that this is the end for all phishing attacks from this group of hackers. The process of tracking malicious phishing websites and then taking them down is not straightforward, and hackers always have room to evolve. At the end of the day, it is hard to say how many new malicious phishing websites could be set up, as well as which other methods the attackers could use to terrorize gullible users. If you believe that you might have become a victim of Phosphorus attackers, scan your operating system to check for silently active malware and change your sensitive passwords immediately. We recommend implementing a tool called Cyclonis Password Manager to help you assess existing passwords, generate stronger passwords where needed, and encrypt them to ensure protection against cyber attackers.
What to do if a scam website looks like a Microsoft website?
Virtual scams are the driving power of the cybercrime world. Whether they like it or not, schemers need disguises in order to trick people online, and that is where the scams come in. In most cases, the attackers rely on fictitious websites. Whether you click a misleading ad or a malicious link sent to you via email, you have to be redirected somewhere. Unfortunately, phishing websites can look completely inconspicuous, and you might be trapped before you know it, which is why it is essential that you learn how to identify virtual scams and how to protect yourself. Before we move on – if you ever come across a website that is clearly used for phishing attacks, you should report it ASAP. Also, note that not all scam websites look like Microsoft websites. Virtually any website could be cloned.
Signs of a phishing website:
- The URL is incorrect. Beware of slight modifications that might confuse you, such as microsft.com instead of microsoft.com, and also beware of fake URLs that might seem official. For example, while microsoft.support.com might seem like a legitimate website, it is not: the domain that was actually registered is support.com, and "microsoft" is only a subdomain label chosen by that domain's owner.
- Take notice of the certificate. Have you noticed the green padlock icon attached to the URL? It shows that the website has a certificate. If you come across a website that does not have this green padlock, close it immediately. On the other hand, you cannot trust this icon blindly either, because phishing websites can obtain certificates too.
- Take the “Not Secure” warning seriously. The “Not Secure” icon might be presented in place of the green padlock. If that happens, the website should not be trusted. In the same vein, you should not ignore your browser’s warnings that might prevent access to malicious websites.
- The interface is unfamiliar. If you visit a website you think you are familiar with, and you immediately notice changes in the interface, do not automatically assume that the website was updated. Always consider the possibility that you have visited a malicious website.
- HTTP vs. HTTPS. You have to check whether the URL of the website you are visiting starts with HTTP or HTTPS. Even though this might seem like a minuscule detail, it is important: HTTPS encrypts the traffic between your browser and the website, while HTTP does not.
- Demands sensitive data. If you visit a website that persistently demands that you enter a password or other sensitive information, there is a good chance that this website is used in a phishing attack.
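The URL check from the first item in the list, applied to the hostnames quoted in this article (an added example, not code from the article or from Microsoft). The brand list, the two-label shortcut for the registrable domain and the distance thresholds are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumed for this example: brands to protect and their real registrable domains.
BRANDS = {"microsoft": "microsoft.com", "outlook": "outlook.com",
          "live": "live.com", "yahoo": "yahoo.com"}


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Label a URL or bare hostname by how it relates to the protected brands."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    # Simplification: the last two labels are taken as the registrable domain.
    # Production code should use the Public Suffix List (co.uk and similar).
    registrable = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else labels[0]
    if registrable in BRANDS.values():
        return "legitimate"
    for brand in BRANDS:
        # Near miss of the brand name itself, e.g. microsft.com.
        # Short brands get a tighter threshold to limit false positives.
        if 0 < edit_distance(name, brand) <= (1 if len(brand) < 8 else 2):
            return "typosquat"
    for brand in BRANDS:
        # Brand appears left of someone else's domain, e.g. microsoft.support.com.
        if brand in labels[:-2]:
            return "brand-in-subdomain"
    for brand in BRANDS:
        # Brand is one hyphen-separated token of another domain, e.g. outlook-verify.net.
        if brand in name.split("-"):
            return "brand-keyword"
    return "unrelated"


if __name__ == "__main__":
    # Hostnames quoted in the article, plus the real microsoft.com for contrast.
    for sample in ["microsoft.com", "microsft.com", "microsoft.support.com",
                   "outlook-verify.net", "verification-live.com",
                   "yahoo-verify.net", "myaccount-services.net"]:
        print(f"{sample:28} {classify(sample)}")
```

myaccount-services.net comes back as "unrelated" because it contains no brand name from the list, which shows that name matching alone misses generic service-sounding domains and has to be combined with the other signs in this list.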
Phishing websites can imitate social media platforms, online banking portals, security-related websites, and everything in between. While in many cases they are set up to extract information or introduce the visitor to false information (e.g., tech-support scams are set up to trick the visitor into communicating with schemers), many of them are used to drop malware. In such a case, even visiting the malicious website could lead to a successful attack. You might not even need to do anything else. This is why we continue to talk about phishing scams and phishing attacks. To avoid them, you must be on high alert at all times, and if you ever get scammed, you must take action immediately.