Earlier this month, Microsoft released a report on this year's malware and cyber-security trends. Among the trends highlighted in the report was that phishing was one of the few attack vectors that saw a rise in activity over the past two years.
Microsoft said that phishing attempts grew from under 0.2% in January 2018 to around 0.6%[1] in October 2019, where 0.6% represented the percentage of phishing emails detected out of the total volume of emails the company analyzed.
While phishing attacks increased, the number of ransomware, crypto-mining, and other malware infections went down, the company said at the time[2].
In a blog post[3] published today, the Redmond-based tech giant reviewed three of the more clever phishing attacks it has seen this year.
Hijacking search results
The first is a multi-layered malware operation through which a criminal gang poisoned Google search results. The scheme went as follows:
- Crooks funneled web traffic hijacked from legitimate sites to websites they controlled
- The domains became the top Google search result for very specific terms
- Phishers sent emails to victims linking to the Google search result for that specific term
- If the victim clicked the Google link, and then the top result, they'd land on an attacker-controlled website
- This website would then redirect the user to a phishing page
One might think that altering Google search results takes a gigantic amount of effort, but this was actually pretty easy, as attackers didn't target high-traffic keywords, but instead focused on gibberish like "hOJoXatrCPy."
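One way a mail filter could flag this kind of lure, as an added example that is not from Microsoft's report or this article: it extracts Google search links from an email body and flags queries that consist of a single gibberish token like the one quoted above. The thresholds, function names and sample email are assumptions constructed for illustration.

```python
import math
import re
from urllib.parse import urlparse, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def looks_like_gibberish(term):
    """Heuristic (assumed thresholds): one long alphanumeric token with
    several lower-to-upper case flips and high character entropy."""
    if len(term) < 10 or not term.isalnum():
        return False
    flips = sum(1 for a, b in zip(term, term[1:]) if a.islower() and b.isupper())
    return flips >= 2 and shannon_entropy(term) >= 3.0

def is_google_search(parsed):
    # Assumption: only google.com is covered; add country domains as needed.
    host = (parsed.hostname or "").lower()
    return (host == "google.com" or host.endswith(".google.com")) and parsed.path == "/search"

def flag_search_links(email_body):
    """Return (url, term) pairs for search links whose query looks like gibberish."""
    hits = []
    for url in URL_RE.findall(email_body):
        url = url.rstrip(".,)")  # drop punctuation that trails a URL in running text
        parsed = urlparse(url)
        if not is_google_search(parsed):
            continue
        for term in parse_qs(parsed.query).get("q", []):
            if looks_like_gibberish(term):
                hits.append((url, term))
    return hits

# Constructed sample email body; only the search term comes from the article.
SAMPLE_EMAIL = """\
Your document is ready: https://www.google.com/search?q=hOJoXatrCPy
Password help: https://www.google.com/search?q=reset+office+365+password
Lookalike host: https://google.com.evil.example/search?q=hOJoXatrCPy
"""

if __name__ == "__main__":
    for url, term in flag_search_links(SAMPLE_EMAIL):
        print(f"suspicious search link: {url} (term={term!r})")
```

A hit is a reason to inspect the link's top search result and its redirect chain, not proof of phishing; the thresholds need tuning against real mail.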
Furthermore, Microsoft said "the campaign was made even stealthier by its use of location-specific search results."
"When accessed by users in Europe, the phishing URL led to the redirector website c77684gq[.]beget[.]tech,