
Easter phishing

Symantec has collected the failed phishing attempts it has discovered in recent times.

There are hundreds of ready-to-use phishing kits on the Internet. At the beginning of March, a list containing more than 400 links was circulating on various mailing lists and forums. Some "kits" are built from complex scripts and can mimic multiple brands at once, and sometimes even bypass two-factor authentication. However, the vast majority are just archived copies of the original website, complete with PHP scripts.


With Easter approaching, Symantec thought it would compile a top five list of the strangest "Easter eggs" seen in phishing kits in recent times.

Fifth place: Link to local images
Phishers sometimes do not check that all links have been converted correctly. The lazy ones just open the page in a tab on their own system to see whether it displays well. However, this check does not reveal that some images, although they display correctly, are being loaded from the phisher's own system. The result is a phishing site that is missing images.

Fourth place: The so-called "Saved from" links
Some tools, such as Internet Explorer, also record the address of the website in the page when it is saved. This is a good reminder of where the page was downloaded from. It goes without saying that such "saved from" links on a phishing site clearly indicate the fraudulent nature of the web page.

Third place: Phishing kits infected with malicious code
He who plays with fire gets burned easily. Phishers often disable the antivirus on their own system (if they have one installed at all) because they do not want their latest creation to be deleted right away. This, of course, means that they need to know what they are doing, as malware from elsewhere also poses a danger to them.

Second place: Google Analytics and banner ads
When a phisher copies an original website, they usually remove everything that isn't really needed. However, some attackers want to make their work look completely real (or are just careless) and leave all the banner ad links on the fake page. This way, the scammed company can even make some money from the ads displayed. Some phishers even leave Google Analytics links on the website, so the real company can later analyze where visitors to the fraudulent site came from.

And first place goes to the convincing backdoors
A very large number of ready-to-use phishing kits contain a backdoor. In this case, this means that the script will also send all the collected authentication information to another, hidden email address. And so phishers steal the catch of other phishers. Some programmers try to hide the backdoor really well, for example by disguising it as an image or obfuscating the code with JavaScript. Often the "authors" try to convince novice phishers not to remove the backdoor, saying "it will be useful for the scam".
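
As an added example (not from the original article or from Symantec), the following Python scanner checks a suspect page for three of the leftovers described above: the "saved from" comment, image links that point to a local system, and Google Analytics IDs carried over from the original site. The sample HTML, the `bank.example` domain, the function and class names, and the exact ID patterns matched are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a cloned login page with leftovers (not a real site).
SAMPLE = r"""<!DOCTYPE html>
<!-- saved from url=(0030)https://bank.example/login.php -->
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script>ga('create', 'UA-1234567-1', 'auto');</script>
</head><body>
<img src="file:///C:/Users/kit/Desktop/bank_files/logo.png">
<img src="C:\Users\kit\Desktop\bank_files\lock.gif">
<img src="/img/ok.png">
<form action="post.php"><input name="user"><input name="pass" type="password"></form>
</body></html>"""

# Comment written by the browser when a page is saved to disk.
SAVED_FROM = re.compile(r"saved from url=\(\d{4}\)(\S+)", re.I)
# Common Google Analytics property ID shapes (assumed patterns).
GA_ID = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")
# file: URLs, Windows drive paths and UNC paths never resolve for a visitor.
LOCAL_SRC = re.compile(r"^(file:|[a-z]:[\\/]|\\\\)", re.I)

class ArtifactScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.saved_from, self.local_refs = [], []

    def handle_comment(self, data):
        m = SAVED_FROM.search(data)
        if m:  # original URL the page was copied from
            self.saved_from.append(m.group(1))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value and LOCAL_SRC.match(value.strip()):
                self.local_refs.append(value.strip())

def scan(html):
    """Return the cloning leftovers found in one HTML document."""
    parser = ArtifactScanner()
    parser.feed(html)
    parser.close()
    return {"saved_from": parser.saved_from,
            "local_refs": parser.local_refs,
            "analytics_ids": sorted(set(GA_ID.findall(html)))}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit on `saved_from` or `analytics_ids` also tells an analyst which brand's page was cloned, which helps route the takedown report.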
