Phishing Tactic Hides Tracks with Custom Fonts
#1
Quote:The phishing campaign is using a new technique to hide the source code of its landing page – and stealing credentials from customers of a major U.S.-based bank.

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks.

Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting landing page looks like a login page for a major U.S. bank – but in reality the page is bent on stealing banking customers’ credentials, Chris Dawson, threat intelligence lead at Proofpoint, told Threatpost. The phishing kit uses custom web fonts to obfuscate the source code for the landing page – making it seem harmless.

“While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding,” researchers at Proofpoint said in a Thursday analysis of the technique.

Source: https://threatpost.com/phishing-custom-fonts/140563/
[-] The following 2 users say Thank You to silversurfer for this post:
  • Deep900, harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>