Amazon, PayPal, and Gmail Users Are the Latest Target in New Phishing Attack

A new phishing attack dubbed “Heatstroke” was recently identified by security researchers and is designed to steal PayPal and Amazon user credentials and credit card information. This latest campaign uses a targeted phishing kit with a sophisticated multi-stage attack method, in contrast to classic techniques such as hiding malicious URLs inside legitimate websites and social engineering.

Reported cases of Heatstroke have started by targeting business users' private email addresses, because these are more likely to be hosted on free email services with lax security and spam filtering. This is also a good starting place for hackers because these accounts are often used as the verification address for social media and e-commerce websites, as well as backups for Gmail and business accounts.

Gmail is particularly interesting for attackers: accessing Gmail opens up access to Google Drive, which could contain business documents shared between clients, partners and vendors that use Gmail for business purposes. Under certain circumstances, hackers can even compromise the Android device linked to that account.

Heatstroke is a great example of how phishing methods have evolved. In a nutshell, here’s how it works:

The attacker sends a phishing email asking the user to verify their account. The email is sent from a legitimate domain to avoid being blocked by spam filters. The user is redirected to a first-stage website, which varies. The first-stage website redirects the user to a second-stage site, which is used for validation. Once all the checks are done, the user is diverted to a third-stage website, which is the actual phishing site.

  • Landing pages constantly change to bypass any webpage filtering
  • It works against security vendors by blocking crawling services and vulnerability scanners
  • The initial landing page is encoded in base64 to bypass firewalls and web scanning solutions
  • Any stolen credentials are transmitted using steganography (where data is embedded within an image)

This only scratches the surface of what these phishing kits can do to ensure a successful attack.
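A defender-side check for the base64 technique listed above, as an added example (not code from the Heatstroke kit or from the researchers): it finds long base64 runs in a page or email body, decodes them, and flags the ones that decode to page markup. The indicator list, function names and sample page are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of 40+ base64 characters; shorter runs produce too many false matches.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Markup suggesting the decoded blob is itself a page or a redirector.
# Assumed indicator list for this example; tune it for your own traffic.
INDICATORS = ("<html", "<form", "<script", "<meta http-equiv",
              'type="password"', "location.href")


def decode_candidates(text):
    """Yield (offset, decoded_text) for every run that is valid base64."""
    for match in B64_RUN.finditer(text):
        blob = match.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)  # restore padding lost in transit
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # looked like base64 but is not; ignore it
        yield match.start(), raw.decode("utf-8", errors="replace")


def scan(text):
    """Return one finding per decoded blob that contains page markup."""
    findings = []
    for offset, decoded in decode_candidates(text):
        lowered = decoded.lower()
        hits = [marker for marker in INDICATORS if marker in lowered]
        if hits:
            findings.append({"offset": offset, "indicators": hits,
                             "preview": decoded[:60]})
    return findings

# Constructed sample: a harmless page wrapped in base64, plus an image blob
# that decodes to binary and must not be flagged.
INNER_PAGE = ('<html><body><form action="/verify">'
              '<input type="password" name="p"></form></body></html>')
SAMPLE_PAGE = ('<html><body><script>document.write(atob("'
               + base64.b64encode(INNER_PAGE.encode()).decode()
               + '"));</script><img src="data:image/png;base64,'
               + base64.b64encode(bytes(range(256))).decode()
               + '"></body></html>')

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE):
        print(finding)
```

Legitimate pages also embed base64 (images, fonts), which is why the check looks at what the blob decodes to rather than at its mere presence.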

In addition to stealing Amazon and PayPal accounts, gaining access to your personal email accounts serves as a better starting point for hackers to gather intelligence on their business targets.

When it comes to phishing, knowledge is power. The more vigilant your users are, the less likely they are to fall for an attack. Educate your users so they are aware of the evolving threats. At IT Solutions we have security assessment and training options available to our clients, including end-user phishing testing. Contact us today to get started. We're here to help.   
