Introduction
Battling cyber-crime can sometimes feel like an endless tennis rally where the cybercriminals relentlessly attack, and you are constantly defending, often just keeping the ball in play. But what if you could take the upper hand and have a chance at hitting back with a winning shot?
The current evolution of cyber threats demands innovative solutions to safeguard organisations. As cybercriminals continue to exploit vulnerabilities through various spoofing attacks, phishing attacks have increased in both quantity and complexity. One particularly insidious form of credential phishing is Microsoft login page spoofing, which is itself an example of EvilProxy - a topic we discussed in an earlier blog. A successful spoofing attack can lead to severe consequences such as data breaches and identity theft. But it goes further than spoofing a page with an amateur UI. The technique loads a pixel-perfect copy of the page and bypasses MFA: it is a man-in-the-middle approach that can result in a full-blown takeover of the victim’s account by the attacker. We’ve seen it emerge as a significant threat, prompting our dedicated team to develop a ground-breaking solution aimed at fortifying your defences.
Understanding the rise of Login Spoofing and compromised login credentials
Phishing attacks have become increasingly sophisticated, preying on unsuspecting users who may unwittingly share sensitive information. Microsoft SSO is one of the most widely used single sign-on services, which makes it a potent attack vector for malicious actors. Microsoft login page spoofing involves malicious actors creating deceptive, carbon-copy login pages that trick users into sharing their credentials through fake login interfaces. These fake login pages closely mimic legitimate ones to capture sensitive information. Recognising the gravity of this growing threat, our team has crafted an innovative tool designed not only to detect such malicious attempts but also to give users visual cues that stop phishing attacks in their tracks, before they reveal their login credentials.
The inner workings of Eye Security against fake login page threats
Eye Anti-Spoofing Tool (EAST) is our advanced cybersecurity solution, tailored to combat Microsoft login page spoofing. Spoofing attacks can bypass network access controls and compromise network security, allowing attackers to gain unauthorized access to sensitive data and systems. The tool operates during the sign-in process, employing a custom CSS file to customise the appearance of the sign-in box. Using a password manager can help identify potentially spoofed websites by autofilling login forms and recognizing trusted sites. As the user interacts with the login page, Eye Security’s servers adapt their response based on the HTTP Referer header, distinguishing between legitimate and spoofed websites, and our solution adds a visual cue accordingly. The custom CSS file will load a version of the login screen - hosted by Eye Security - containing a warning when the user is attempting to log in to an unrecognised domain. When the user accesses the legitimate Microsoft domain, a login page will load showing a green check box with the message: ‘login screen verified’. This ensures that users receive alerts if they encounter a credential phishing attempt, fortifying the security perimeter.
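The Referer-based decision described above can be sketched as follows. This is an added example, not Eye Security's code: the trusted host `login.microsoftonline.com`, the asset names and the third "unknown" verdict for a missing Referer are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in host treated as legitimate. The page only says
# "the legitimate Microsoft domain"; adjust to the hosts your tenant uses.
TRUSTED_HOSTS = {"login.microsoftonline.com"}

# Hypothetical asset names for the badges; "unknown" is a neutral image.
ASSETS = {"verified": "verified.png", "warning": "warning.png",
          "unknown": "blank.png"}


def classify_referer(referer):
    """Return 'verified', 'warning' or 'unknown' for a Referer header value."""
    if not referer or not referer.strip():
        return "unknown"  # stripped by Referrer-Policy or a privacy tool
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:
        return "warning"  # malformed value: never vouch for it
    if parts.scheme != "https" or not host:
        return "warning"
    # Exact match only: a suffix or substring test would accept
    # login.microsoftonline.com.attacker.example
    return "verified" if host.rstrip(".") in TRUSTED_HOSTS else "warning"


def badge_response(headers):
    """Build (status, response headers, asset name) for one badge request."""
    verdict = classify_referer(headers.get("Referer"))
    response_headers = {
        "Content-Type": "image/png",
        # The verdict depends on the Referer, so a shared or browser cache
        # must never replay a 'verified' badge on another origin.
        "Cache-Control": "no-store",
        "Vary": "Referer",
    }
    return 200, response_headers, ASSETS[verdict]
```
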
User alert mechanism for spoofing attacks
Imagine a scenario where an employee encounters a malicious phishing page disguised as a legitimate Microsoft login. Attackers often use a fake email address that mimics a legitimate source to deceive recipients. Thanks to Eye Security, users are promptly alerted after entering their username, but crucially, before entering their password. Visual cues, as shown in the screenshot below, serve as a warning, disrupting the phishing attack and preventing you or your colleagues from accidentally sharing sensitive information. Along with hundreds of other daily risk checks, you will also be notified in the Eye Portal, where you can see the recommendation.
A video we shared a few weeks ago demonstrated this in full. Building the tool was an iterative process, based on great ideas from Zolder BV. After researching their approach to generating insights into Adversary-in-the-Middle (AitM) phishing kits and how to detect them, it was experimentation by our team of security experts that led to this new and innovative approach.
Since we launched EAST, several customers have already realised the value, most recently benefitting from the solution by preventing a business email compromise. In this case, the customer had got as far as entering their e-mail address, yet they chose not to type in their password when prompted, thanks to the warning that EAST generates. Attackers look for human vulnerabilities to infiltrate systems, such as when you are filling in usernames and passwords on autopilot. That’s why you need cutting-edge solutions from specialists like Eye Security. Additionally, scrutinizing the sender's address in emails is crucial to detect spoofing attempts.
Domain spoofing is another tactic where cyber criminals manipulate website names to deceive users and advertisers, leading to ad fraud and phishing attacks. Tennis may be a one-on-one game, but inspiration from other players, and iterative collaboration within teams, leads to a better chance of winning.
Feel free to contact our support team for any help or questions you may have. Our customers’ security is our top priority and we’re here to support every step of the way.