Why advanced third-party phishing campaigns are rapidly escalating 

In early August 2023, the UK Electoral Commission disclosed a massive data breach exposing personal information collected over the course of eight years, with anyone who registered to vote in the UK between 2014 and 2022 affected, says Yuval Pe’er, chief cyber threat intel analyst (Israel), BlueVoyant.

The Electoral Commission says the exposed voter information included personal data contained in their email system such as full name, email and home addresses, telephone numbers, and more. Such exposed information, particularly phone numbers and email addresses, can be incredibly valuable for threat actors to use in targeted phishing attacks. Subsequently, the Commission has warned all UK voters to look out for targeted phishing emails attempting to gather further sensitive information, such as passwords, account numbers, or financial information. 

The oldest trick in the security playbook 

Today, phishing is one of the oldest as well as one of the most common types of cyberattack, with an estimated 135 million phishing emails sent every day worldwide. Traditionally, phishing websites exclusively target users of one organisation, whether they be employees or customers. These websites tend to follow a similar cadence: attackers deploy a phishing kit to create a near-identical, or convincing enough spoofed website of a corporate brand, using a lookalike domain to further a sense of legitimacy. 

While phishing scammers use different distribution methods to lure in unsuspecting victims, such as phishing emails with links to their sites or links posted on social media platforms, the end goal of tricking a user into entering their login credentials, payment card information, or other personally identifiable information (PII) is always the same. Later on, the threat actor collects these credentials and sells them or uses them to defraud the victim by convincing the recipient to transfer money, share sensitive personal information, enter login or credit card details to a fake site or download malware by clicking on a link or an attachment. 

Ever-more deceptive methods are being used 

Over the years, threat actors have started to deploy ever-more deceptive methods, finding new ways to carry out increasingly sophisticated attacks that circumvent the various cyber defence protocols security teams have in place. To this point, in the first half of 2023, our expert cyber threat analysts started investigating one such tactic that they first identified in 2020, but that has now dramatically increased in volume: third-party phishing. 

The scale, complexity, and successful deployment of advanced evasion mechanisms make this phishing technique far more efficient and effective than traditional standalone phishing sites. Third-party phishing targets hundreds of global financial institutions using intermediary sites that redirect victims to a phishing site impersonating a brand they trust. By impersonating an ostensibly unrelated brand, threat actors can better evade detection, while collecting credentials and PII from customers of a wider array of companies. 

Over the past year, BlueVoyant has witnessed a major increase in the number of phishing sites originating in third-party phishing campaigns. One major European client saw an increase from just 2% of all detected phishing attacks in 2022 to 21% in 2023. 

Casting the net wider to catch more fish 

Third-party phishing adds a new wrinkle to the oldest trick in the book. Having intermediary sites directing victims to various different phishing sites provides two benefits to attackers: it allows them to cast a wider net and catch more fish, and it provides another degree of separation between them and threat hunters who may be on their trail. 

This means that organisations now need to monitor not only for cyber threat activity targeting their own domains, but also for third-party phishing attempts that use an intermediary to direct traffic to a different phishing page, sometimes hosted on the same domain as the intermediary site, which may be harder to detect on its own. The increased risk associated with one website acting as a gateway to dozens of financial institutions is substantial, and security teams will need to increase their efforts to find third-party phishing sites that could be targeting them and many of their peers. 

We regularly track large scale third-party phishing campaigns from different geographies around the world, and we alert both the intermediary brands and the destination brands on these and remediate active threats on their behalf.

Taking action: four key steps 

Below are four key steps your organisation can take to help mitigate the risk of third-party phishing: 

  • Monitor for lookalike domains and illicit use of corporate brand assets across the web to identify potential phishing sites. 
  • Educate clients and employees on third-party phishing and encourage them to closely inspect any URL they click on for pages that require credentials or PII to be entered. 
  • Remediate malicious domains using third-party phishing quickly to mitigate risk and potentially thwart large-scale attacks. 
  • Work with an end-to-end Digital Risk Protection vendor to proactively detect third-party phishing campaigns, receive validated alerts, and take down the threats rapidly. 
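
The first step above, applied to the gateway pattern described earlier, as an added Python example that is not from the article or from BlueVoyant: it takes crawl results pairing an intermediary page with the page a visitor lands on, and flags intermediaries that lead to lookalike pages for two or more watched brands. The brand watchlist, the `.example` domains, the 0.85 similarity threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from difflib import SequenceMatcher
from urllib.parse import urlsplit
import re

# Hypothetical watchlist: brand token -> that brand's legitimate domain.
BRANDS = {"examplebank": "examplebank.example", "northcredit": "northcredit.example"}
# Digits often substituted for letters in lookalike names.
HOMOGLYPHS = str.maketrans("013457", "oleast")

# Constructed crawl results: (intermediary page, page the visitor lands on).
OBSERVED = [
    ("https://parcel-track.example/redeliver", "https://parcel-track.example/examp1ebank/login"),
    ("https://parcel-track.example/redeliver", "https://secure-northcredlt.example/signin"),
    ("https://news.example/story", "https://examplebank.example/login"),
    ("https://shop.example/cart", "https://shop.example/checkout"),
]

def impersonated_brand(url):
    """Return the watched brand a URL imitates, or None if legitimate or unrelated."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    tokens = re.split(r"[^a-z0-9]+", (host + parts.path).lower())
    for brand, legit in BRANDS.items():
        if host == legit or host.endswith("." + legit):
            continue  # the brand's own site is not a lookalike of itself
        for tok in tokens:
            norm = tok.translate(HOMOGLYPHS)
            if norm and SequenceMatcher(None, norm, brand).ratio() >= 0.85:
                return brand
    return None

def find_gateways(observed, min_brands=2):
    """Map intermediary host -> {brand: finding} when it fans out to several brands."""
    fanout = defaultdict(dict)
    for src, dst in observed:
        brand = impersonated_brand(dst)
        if brand:
            src_host, dst_host = urlsplit(src).hostname, urlsplit(dst).hostname
            fanout[src_host][brand] = {"landing": dst, "same_host": src_host == dst_host}
    return {h: b for h, b in fanout.items() if len(b) >= min_brands}

if __name__ == "__main__":
    for host, brands in find_gateways(OBSERVED).items():
        print(host, "->", sorted(brands))
```

The `same_host` field marks landing pages hosted on the intermediary's own domain, the case the article notes may be harder to detect on its own.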

Picking up on step two, for individuals and employees keen to ensure that they spot a phishing email, our advice includes: 

  • If an offer looks too good to be true it probably is 
  • Watch out for unusual or lookalike email addresses 
  • If a recognised contact asks you to do something unusual, like pay an invoice or transfer money, be sure to verify with them through a different channel, e.g. phone 
  • Be vigilant for bad spelling and/or formatting, which is becoming harder to spot as threat actors use AI tools like ChatGPT to write phishing emails 
  • If you are unexpectedly asked to supply sensitive or financial information, be suspicious 
  • If you find hyperlinks redirect you to an unexpected site, close the site immediately 
  • If the email contains urgent language, especially if the reason is vague, be suspicious 

Phishing attacks will continue to become more sophisticated as threat actors look for ways to avoid threat hunters. Being vigilant and alert to the schemes attackers have cooked up to carry out third-party phishing campaigns, as well as adopting best practices for defending against this type of attack, which users may not recognise even if they are security-savvy, is paramount to avoid becoming the latest victim of a data breach. 

Anyone interested in learning more about third-party phishing attacks, please download our latest report here.

The author is Yuval Pe’er, chief cyber threat intel analyst (Israel), BlueVoyant.
