© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Third-party phishing campaigns on the rise

Scammers increasingly rely on third-party phishing websites to drain victims’ wallets, cybersecurity firm BlueVoyant claims.

A direct phishing campaign usually bombards victims’ with malicious links to their sites, hoping to trick them into entering their login credentials, payment information, and other sensitive data.

Third-party phishing campaigns are not that straightforward. They typically involve some characteristics of the original flow one might expect. Here’s one example of such a flow:

Scammers impersonate a well-known Shpock platform to deceive sellers into believing that their products have sold and that they are entitled to receive funds for them.

In most cases, the victim will receive a smishing message stating that their listed product was sold and urging them to claim payment. The message also includes a short link, which upon clicking, redirects the victim to the intermediary phishing page.

When clicking to proceed and claim the funds, the victim is redirected to the next step in the phishing chain, where they will be asked to choose the financial institution they bank with.

After selecting their bank, the victim will be redirected one last time to the main phishing page impersonating a financial institution.

According to BlueVoyant, third-party phishing websites are “spread on a massive scale across the internet.”

“Over the past year, BlueVoyant has witnessed a major increase in the number of phishing

sites originating in third-party phishing campaigns. One major European client saw an increase from just 2% of all detected phishing attacks in 2022 to 21% in 2023,” the company said.

Leave a Reply

Your email address will not be published. Required fields are marked