Hackers are getting smarter with the LogoKit email phishing attacks using dynamic personalization.
Hackers expose millions of companies to impersonation using a specific login page with Clearbit URL personalization.
The ChatFortress team was able to replicate this demonstration page in less than 60 minutes.
You can access the Demo here:
We know that the best way to create a cybersecurity culture is through experiential learning, so letting users play with the demonstration website helps explain these attacks. Our goal is to help make your employees smarter at detecting these email scams.
How to personalize the page?
You can personalize the page based on the email address or domain name used in the URL: add # followed by an email address to the URL. For example, www.ChatFortress.com/lp/login#[email protected] imports the Clearbit.com logo to the login page and prefills the email address to further convince targets that this is a legitimate page.
This phishing attack was identified by RiskIQ on Jan 27, 2021. It’s just one example of how cybercriminals are getting smarter with their attacks, using the same APIs legitimate companies use for website personalization to improve the effectiveness of their attacks.
You will see an increase in attacks using dynamic personalization or previously exploited data. Every web service or API that’s available to your company is also available for malicious use.
What is LogoKit?
RiskIQ reported that over 700 companies had been targeted with this attack strategy. However, because it uses the Clearbit API to apply personalization, this attack strategy instantly exposes millions of companies to impersonation attacks.
Here are just a few examples:
How LogoKit Spreads?
- Initially, the attacker sends a specially crafted malicious URL with the victim’s email address hidden in it.
- Once a victim clicks on the URL, it redirects the user to a fake corporate web site.
- The victim’s email is auto-filled into the email or username field to trick the users into thinking they have previously logged into the site.
- If the victims enter their password, LogoKit sends the target’s email and password to an external source operated by threat actors.
- LogoKit allows attackers to easily compromise websites and embed the malware or malicious script in them.
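One way to check for the first step above on the defender's side, as an added example that is not ChatFortress or RiskIQ code: scan the links in an inbound message for an email address carried in the URL fragment or query string, and note whether it is the recipient's own address. The function name, the sample message and all hosts and addresses are constructed for illustration. URL fragments are never sent to the web server, so the check has to run where the full link is visible, such as the mail gateway.

```python
import re
from urllib.parse import urlsplit, unquote

# Loose patterns for triage, not RFC-grade validation.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample message body; every host and address is made up.
SAMPLE_BODY = """\
Your mailbox password expires today. Keep your current password:
https://portal.example.net/lp/login#alice@corp.example
Encoded variant: https://files.example.org/view?id=7#alice%40corp.example
Internal link: https://intranet.corp.example/reset?user=alice@corp.example
No address: https://www.example.com/news#section-2
"""


def flag_personalized_links(body, recipient, trusted_domains=()):
    """List links whose fragment or query string carries an email address."""
    recipient = recipient.lower()
    findings = []
    for url in URL_RE.findall(body):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        # Skip hosts the organization itself operates (exact or subdomain match).
        if any(host == d or host.endswith("." + d) for d in trusted_domains):
            continue
        for where, raw in (("fragment", parts.fragment), ("query", parts.query)):
            decoded = unquote(unquote(raw))  # also catches %40 and %2540
            for addr in EMAIL_RE.findall(decoded):
                findings.append({
                    "host": host,
                    "where": where,
                    "address": addr.lower(),
                    "matches_recipient": addr.lower() == recipient,
                })
    return findings


if __name__ == "__main__":
    for f in flag_personalized_links(SAMPLE_BODY, "alice@corp.example", ("corp.example",)):
        print(f)
```

A hit on its own is only a triage signal, since legitimate mailing tools also put addresses in links; a fragment that matches the recipient on a host outside the trusted list is the pattern this page describes.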
The question now becomes: with advertisers using dynamic personalization to get your attention, how are you going to detect the fake vs. real pages?
Sharing real-world examples of attacks is how you educate your team on creating a cybersecurity culture.