Thanks to one of our readers who submitted this interesting piece of phishing. Personally, I was not aware of this technique, which is an interesting way to bypass common anti-spam filters and reputation systems.

The idea is to create a fake survey on a well-known online service. In this case, the attacker used surveygizmo.com[1], which lets you build an online presence for surveys or feedback forms. Most of these websites are paid services but offer free trials. Enough to build a phishing campaign. The generated link is sent to the victim as usual with some social engineering. Here is an example of the link:

hxxps://www[.]surveygizmo[.]com/s3/5485786/Invoice-4982550

The landing page looks like this:

(Note the typo "your o email")

And, once you have provided your credentials, the survey immediately ends with this screen:

The attacker just needs to log in to his account to access the data submitted by victims… You don't need to deploy or hack a server to host the phishing page, you just use free resources provided by a cloud service. Pretty clever… And, if you're ready to pay a small fee, you can even build self-branded surveys to increase the chances of luring victims.

[1] https://www.surveygizmo.com/

Xavier Mertens (@xme)
Xme 587 Posts ISC Handler Mar 5th 2020 |
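Because the link sits on a reputable survey domain, reputation checks pass; what stands out is a survey URL whose title reads like an invoice. The following is an added example, not code from the diary or from ISC: a mail-gateway style check that refangs a link, confirms it is on a survey host, and flags lure words in the path. The function names are hypothetical, the host list holds only the service named above, and every lure word except "invoice" is an assumption.

```python
import re
from urllib.parse import urlsplit

# surveygizmo.com is the service named in the diary; extend this set with the
# survey/form platforms seen in your own mail flow (none are assumed here).
SURVEY_HOSTS = {"surveygizmo.com"}

# "invoice" comes from the diary's sample link; the other words are assumed
# examples of lures that have no business in a survey title.
LURE_WORDS = {"invoice", "payment", "password", "login", "verify", "mailbox"}


def refang(url: str) -> str:
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(.)", ".")


def on_survey_host(host: str) -> bool:
    """True if host is a listed survey domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Suffix match on a label boundary, so lookalike hosts such as
    # surveygizmo.com.example.net are not treated as the real service.
    return any(host == d or host.endswith("." + d) for d in SURVEY_HOSTS)


def check_link(url: str) -> dict:
    """Classify one link taken from an e-mail body."""
    parts = urlsplit(refang(url))
    host = parts.hostname or ""
    if not on_survey_host(host):
        return {"host": host, "survey_host": False, "lures": [], "flag": False}
    # Break the path into lowercase words: /s3/123/Invoice-498 -> s, invoice
    tokens = set(re.findall(r"[a-z]+", parts.path.lower()))
    lures = sorted(tokens & LURE_WORDS)
    return {"host": host, "survey_host": True, "lures": lures, "flag": bool(lures)}


# Constructed sample input: the diary's link plus two made-up links.
SAMPLES = [
    "hxxps://www[.]surveygizmo[.]com/s3/5485786/Invoice-4982550",
    "https://www.surveygizmo.com/s3/1111111/Customer-Satisfaction-2020",
    "https://surveygizmo.com.example.net/s3/1/Invoice-1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_link(sample))
```

A flagged link is a candidate for quarantine or analyst review rather than proof of phishing; the lookalike host in the third sample is left to ordinary reputation filtering.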
Hello,

Why not report these bad sites? It's not the first time I find bad ones which are not reported. Keep up the good job! Thanks a lot,

reportphishing@antiphishing.org
reportphishing@apwg.org
spoof@millersmiles.co.uk
submit@emsisoft.com
https://www.phishtank.com
https://www.virustotal.com/
https://urlscan.io/
https://safebrowsing.google.com/safebrowsing/report_phish/
https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url
https://analysis.avira.com/fr/submit
http://trafficlight.bitdefender.com/info?url=TYPE_URL_HERE
Anonymous |
Mar 5th 2020 11 months ago |