Phishing Campaign Uses Reverse Tunnels and URL Shorteners

Phishing is a deceptive tactic used to obtain sensitive user information (credit card numbers, passwords, etc.). Attackers appear to be trustworthy organizations (typically mimicking a large brand) to deceive victims into disclosing private data.

If phishing is effective, hostile third parties steal confidential data. Financial or identity theft is committed using stolen information. Hackers use it to access victims’ accounts and blackmail them for advantages.

What Happened?

Researchers in the field of information security have seen an increase in the usage of URL shorteners and reverse tunneling services in conjunction with large-scale phishing efforts. This makes it more difficult to put a halt to the malicious behavior.

This strategy deviates from the more typical practice of registering domains with hosting providers, who are more likely to react to complaints and take down phishing websites if they are found to be active.

Threat actors may host the phishing sites locally on their own machines via reverse tunnels, and connections will be routed through the external service. They are able to produce fresh links whenever they wish to avoid detection by using a service that shortens URLs on their behalf.

Because many of the phishing URLs are updated in less than twenty-four

Read More: https://heimdalsecurity.com/blog/phishing-campaign-uses-reverse-tunnels-and-url-shorteners/