ESET, the cybersecurity company, has warned about a new form of digital fraud being used in both Mexico and several regions around the world. This is active phishing, which is characterized by being more efficient and using previously unseen deceptive techniques that cause victims to fall into the trap without realizing it.
Dynamic phishing, as ESET calls it, allows cybercriminals to quickly and convincingly create false login pages. This technique enables them to customize the fraud in real-time, adapting the appearance of the page to any target organization, including public service logos, which helps them evade detection by traditional security filters.
These attacks are hosted on platforms such as Firebase, Oracle Cloud, or GitHub, making them difficult to identify and eliminate. Additionally, attackers can hide malicious links in trusted domains due to the existence of open redirects in many online services.
To combat this new type of phishing, ESET recommends that companies implement measures such as a second factor of authentication (MFA) and add an additional layer of security to prevent the misuse of stolen credentials. Furthermore, maintaining constant vigilance and implementing better security practices against any digital or cyber threats is essential.
According to Camilo GutiƩrrez Amaya, head of the ESET Latin America Research Lab, dynamic phishing stands out for the ease with which cybercriminals can send emails with links to malicious sites without the need to clone complex websites. The email leads to a fake login page that allows dynamic customization based on the target company.
Once the victim enters their credentials on the fake page, the information is sent in real-time to the attackers, ultimately redirecting it to their legitimate corporate website. This new form of phishing represents a significant challenge for cybersecurity, as the legitimate appearance of fake pages makes detection difficult and allows cybercriminals to operate undetected.
