The one thing you could always count on with a phishing page is that something would give it away as a phishing page. After all, it’s not the real page, so there must be something different about it. Protecting yourself from a phishing attack simply came down to being able to identify the clue that gave away the web page as a phishing page. But what if attackers could find a way to phish you with the legitimate page you actually intend to visit? There wouldn’t be any clues giving it away as a fake page because it isn’t. That would be a problem, and unfortunately that problem has become reality.
According to an article on CPO Magazine, “attackers conducted a successful phishing campaign against enterprise users by overlaying legitimate web pages with fake login pop-ups. The phishing campaign exploited Microsoft Outlook enterprise email quarantine policies to lure victims into disclosing their login details.”
Of course, the phishing exploit starts with a phishing link in an email. But, “by clicking the link, employees were redirected to a legitimate company website with an Outlook email login screen. The attackers, however, overlay the company’s web page with a fake login panel, which prompted the user to log in with their company account because their session had timed out. The threat actor also conveniently populated the fake login panel with the user’s email address to gain more trust. Additionally, the victim could also click outside the overlay and interact with the legitimate page.”
A legitimate website partially overlaid with a fake login panel. Now, that’s going to be hard to detect. What’s the secret to protecting yourself from such a sophisticated attack? You must catch the scam before the bogus link in the email is clicked. That link in the email is the only clue that gives away the scam. How do you detect that malicious link in the email before you click it? With Phishing Protection from DuoCircle.
Phishing Protection is cloud-based email security with real-time link scanning technology. Its primary job is to check out links in emails to see if there’s something phishy about them. If there is, they get quarantined and never make it into your inbox. And if they never make it to your inbox, you can’t click on the link, which means you’ll never see a hard-to-detect phishing page, so it can’t trick you.
Phishing Protection requires no hardware, no software and no maintenance. It sets up in 10 minutes, works with all major email providers and costs only pennies per user per month.
The phishing pages are going to get harder to detect, especially when they’re not actually phishing pages. The only chance you have is to keep from visiting those pages in the first place, and the best way to do that is with Phishing Protection. Try it risk free for 30 days.