For cybercriminals, sending a phishing email is just the first step of the process. The aspiring phisher will often build and link to a fake website or login page in the malicious communication, attempting to trick the victim into credential theft, or entering login credentials and/or personal compromising information, such as proprietary company information, banking details, social security numbers, etc. By spoofing trusted brands big and small, the attackers exploit social engineering methods to prey on that confidence of users, subsequently persuading victims to click on links to the fake landing pages that propel them to take an action.
To help solve this problem, IRONSCALES today unveiled a new phishing URL scanner powered by computer vision, image processing and deep learning for security analysts to check the legitimacy of a suspicious login URL. To check the link, analysts simply need to copy and paste the suspicious URL in the scanner, which will then check its veracity against IRONSCALES inventory of thousands of fake phishing pages, which grows on a daily basis. In the event that our quick scan cannot immediately render a verdict on the page’s validity, IRONSCALES will perform a deeper scan to further evaluate the URL and respond via email.
FREE URL Scanner Guards Against Fake Login Attacks
As we’ve written about before, phishing websites and fake login pages are especially problematic for companies that rely on rules-based email security tools such as secure email gateways (SEGs), multi AV scanners and sandboxing solutions, as such tools and solutions lack visual anomaly detection capabilities required to assess a fake login page from a genuine login page in real-time.
These pages often imitate a website’s real URL and subtly add extra words that are difficult to catch with the naked eye. And for enterprises looking to protect data, it’s imperative not to rely on employees to notice this themselves but instead to install extra security protocols behind their SEGs to ensure the email never hits their inbox in the first place. Further, humans can be tricked rather easily. As long as the fake website login pages look more or less as they expect them to, most users will continue on with their normal routine, unaware that they might be the victim of a sophisticated attack.
Currently, free open source tools do not support visual anomaly detections. And that’s a big gap for security analysts trying to protect companies from email compromise. IRONSCALES’ self-learning email security platform is built to automatically prevent, detect and respond to sophisticated phishing attacks – freeing up SOC teams to be more efficient and effective and prioritize revenue-producing work.
Perhaps the most concerning aspect of fake login attacks and URLs is how convincing they’ve become. Cybercriminals are extremely detail-oriented in their credential theft approach and traditional security solutions are challenged to stop these types of attacks as they were designed to scan the source code that lays behind the HTML page in order to match the signatures of previously known attacks.
One additional important point to reiterate from a previous blog post:
Consequently, savvy criminal groups must strike the right balance between creating spoofed landing pages that look similar enough to legitimate pages to dupe their intended victims but not identical enough to be snared by anti-phishing technologies. By taking a polymorphic approach, attackers can automate and refine the process of deploying pages that do not surpass predefined detection thresholds. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision enabled solutions provide a critical additional layer of defense since they do not rely on simple pattern matching technologies.