New Phishing Attack Exploits Trusted Sites

Security researchers have discovered a new type of phishing attack that steals data by exploiting commonly trusted online platforms like WhatsApp.

Security experts have detected a highly advanced phishing operation that abuses the trust users and security tools implicitly have in well-known websites such as Google Drawings and WhatsApp. By exploiting these platforms, the threat actors deceive victims into exposing their sensitive information.

‘LOTS’ Phishing Attack: How it Works

This particular type of phishing is called a “Living Off Trusted Sites” (LOTS) attack. The attacker begins by sending an an email intended to lures victims into clicking a seemingly legitimate Amazon account verification link. This phishing email would actually contain an image hosted on Google Drawings which is a component of the Google Workspace suite.

Since traditional security tools often fail to detect Google Workspace Suite, threat actors find it an ideal ruse for their malicious activities. Upon clicking the link embedded in the image, users are redirected through a sequence of shortened URLs before being led to a counterfeit Amazon login page.

Attackers will typically attempt to mask the suspicious web traffic by using a WhatsApp URL shortener, “l[.]wl[.]co,” which does not display any warnings about redirects. The link may be further shortened using “qrco[.]de”, a dynamic QR code service. This layered approach to truncating malicious links make it challenging for security tools to detect the imminent threat.

Upon reaching the fraudulent Amazon page, victims are guided through a sequence of steps, where they are required to provide sensitive information. This includes login credentials, personal details, billing data, and payment card information. As they fill out each step, their credentials are captured by the attacker via distinct URL paths within the same domain. Hence, even if the victim decides not to complete the process or stops midway, the attacker still manages to obtain vital data from every previously completed step.

Proactive Security Measures

As cyberattacks grow more complex, it is simply inadequate for users to rely on security systems that are only designed to address ongoing threats. While increased vigilance and user education are always recommended, it has become necessary to adopt proactive security measures to guard against sophisticated phishing attacks.

In addition to maintaining good security hygiene when interacting with URLs, users are strongly urged to leverage advanced security tools that can identify, assess, and eliminate novel cyberattacks in real-time.

FailSafe offers cutting-edge features designed to protect against unauthorized transactions and phishing attempts, thereby providing an additional layer of security for your digital assets.

Start using FailSafe to improve your crypto wallet security today.