Holiday shoppers targeted by a sophisticated phishing kit

November 22, 2022

Threat actors have targeted North Americans, especially holiday shoppers, with lures sent using a sophisticated phishing kit.

The phishing tool uses several evasion tactics and includes multiple functions to keep researchers from tracking its operators. According to reports, one of the tool's unique features is a token-based system that ensures each target is redirected to a phishing webpage.

According to researchers, the campaign started a couple of months ago and continued through October. The campaign's main lure is an offer of discounts, which the actors often call “holiday specials.”

 

The phishing kit is disseminated through phishing emails to holiday shoppers.

 

The primary objective of the threat campaign is to infect potential victims with phishing kits sent through phishing emails.

The attackers could execute an efficient strategy because the email does not raise suspicion: victims can only reach the phishing sites through a series of redirections.

In addition, the threat actors could abuse multiple legitimate cloud services, such as Azure, AWS, and Google, by relying on the credibility of their domains, which most security solutions trust.
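As an added detection example (not from the researchers or the article), the sketch below rebuilds redirect chains from proxy records and flags chains that pass through cloud-hosted URLs before landing on an unrelated host. The log layout, the hostnames, the suffix list and the two-redirect threshold are all assumptions made for illustration, and Location values are assumed to be absolute URLs.

```python
from urllib.parse import urlsplit

# Assumption: illustrative hosting suffixes for the three providers the article names.
CLOUD_SUFFIXES = ("blob.core.windows.net", "s3.amazonaws.com", "storage.googleapis.com")

# Constructed proxy log: (client, requested URL, HTTP status, Location header or None)
SAMPLE_LOG = [
    ("10.0.0.5", "https://promo123.blob.core.windows.net/deal.html", 302,
     "https://storage.googleapis.com/bkt-77/go.html"),
    ("10.0.0.5", "https://storage.googleapis.com/bkt-77/go.html", 302,
     "https://holiday-survey.example/claim"),
    ("10.0.0.5", "https://holiday-survey.example/claim", 200, None),
    ("10.0.0.9", "https://reports.s3.amazonaws.com/q3.pdf", 200, None),
    ("10.0.0.9", "http://shop.example/", 301, "https://shop.example/"),
    ("10.0.0.9", "https://shop.example/", 200, None),
]

def on_cloud(url):
    """True when the URL's host is one of the cloud suffixes or a subdomain of one."""
    h = (urlsplit(url).hostname or "").lower()
    return any(h == s or h.endswith("." + s) for s in CLOUD_SUFFIXES)

def redirect_chains(log):
    """Rebuild per-client chains by following each 3xx Location to the next request."""
    chains, pending = [], {}  # pending: (client, expected next URL) -> chain in progress
    for client, url, status, location in log:
        chain = pending.pop((client, url), None)
        if chain is None:  # not the target of an earlier redirect: start a new chain
            chain = []
            chains.append(chain)
        chain.append(url)
        if 300 <= status < 400 and location:
            pending[(client, location)] = chain
    return chains

def suspicious(chain, min_redirects=2):
    """Flag chains that hop through cloud hosting and land on a non-cloud host."""
    hops, landing = chain[:-1], chain[-1]
    return (len(hops) >= min_redirects
            and any(on_cloud(u) for u in hops)
            and not on_cloud(landing))

def flag(log):
    return [c for c in redirect_chains(log) if suspicious(c)]

if __name__ == "__main__":
    for chain in flag(SAMPLE_LOG):
        print(" -> ".join(chain))
```

A direct download from cloud storage and an ordinary HTTP-to-HTTPS upgrade both stay unflagged, which is the point of requiring several hops plus a change of host class.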

Every user who visits the phishing website will win a prize after completing a quick survey. Furthermore, a timer is attached to the survey to ensure that the victims will complete the survey immediately.

The most well-known brands that the actors spoofed for their phishing attacks are Costco and Sam’s Club, which are both wholesale giants. Additionally, Delta Airlines and the high-end luggage manufacturer Tumi are also impersonated by the threat actors.

The phishing actors also use fake user testimonials that showcase the prizes to increase the sense of legitimacy of the campaign.

Unfortunately, most users will give their critical credentials at the end of the process as they can only claim the winning prizes if they provide their payment card details for the shipping cost. The credit card details will be in the hands of the phishing actors if the victims provide their data.

The researchers revealed that nearly 90% of the users landing on phishing domains hailed from Canada and the United States.
