
Tycoon Phishing Kit Employs New Capabilities to Conceal Dangerous Web Links

Phishing attacks that use the Tycoon kit have evolved: Barracuda has revealed techniques the kit uses to conceal malicious links in emails, aimed at outsmarting automated email security systems.


In the digital realm, cybercriminals are constantly evolving their tactics to outsmart security measures. One such example is the Tycoon Phishing Kit, a Phishing-as-a-Service (PhaaS) platform available for hire on the dark web.

The Tycoon Phishing Kit has developed new techniques to hide malicious links in email attacks, making it harder for security systems to detect and block them. One such technique is the Redundant Protocol Prefix, where the active part of the link is made to look benign and legitimate. Examples of this technique include a redundant 'https' or a missing '//' in the link, aiming to confuse automated detection systems and ensure the links aren't blocked.

Another approach used in Tycoon attacks is subdomain abuse. Attackers create fake websites under names that appear linked to well-known companies. For instance, 'office365Scaffidips.azgcvhzauig.es.' leads the user to think they are dealing with a Microsoft subdomain. However, the last part of the web address is an attacker-owned phishing site.

Attackers also place something that looks reputable and trustworthy, such as 'office365', in the user info part of the link (the text before the '@' symbol). This tactic, combined with the Redundant Protocol Prefix technique, aims to confuse targets and their browser controls.

Tycoon attacks also use URL encoding, a method to obscure, muddle, and disrupt the structure of malicious links. Researchers observed this technique in phishing emails masquerading as voicemail messages from a trusted accounting service. The URL encoding used in the fake voicemail link inserted a series of invisible spaces into the web address using the code '%20'. The link's actual destination is the part that comes after the '@' symbol.
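The indicators described above (a redundant protocol prefix, brand text before the '@', '%20' padding, and brand names in attacker-owned subdomains) can be checked mechanically on links extracted from mail. The following Python is an added example, not code from Barracuda or from the original article; the brand watch list, trusted-domain set, finding names and sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumptions for this example: a brand watch list and the domains those brands really use.
BRANDS = ("office365", "microsoft")
TRUSTED_DOMAINS = {"microsoft.com", "office.com"}

def analyze_link(raw: str) -> dict:
    """Flag the link-hiding tricks described above and return the real host."""
    findings = []
    raw = raw.strip()
    if "%20" in raw or re.search(r"\s", raw):
        findings.append("whitespace-padding")
    # Decode, then drop the padding so the true structure is visible.
    link = re.sub(r"\s+", "", unquote(raw))
    if re.match(r"(?:https?:/*){2,}", link, flags=re.I):
        findings.append("redundant-protocol-prefix")
    if re.match(r"https?:(?!//)", link, flags=re.I):
        findings.append("scheme-without-slashes")
    # Strip every leading scheme, then isolate the authority component.
    rest = re.sub(r"^(?:https?:/*)+", "", link, flags=re.I)
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    userinfo, at, hostport = authority.rpartition("@")
    host = hostport.split(":")[0].rstrip(".").lower()
    if at:  # everything before '@' is userinfo, not the destination
        findings.append("userinfo-before-at")
        if any(b in userinfo.lower() for b in BRANDS):
            findings.append("brand-in-userinfo")
    # Naive registered domain (last two labels); use a public suffix list in production.
    labels = host.split(".")
    registered = ".".join(labels[-2:])
    subdomain = ".".join(labels[:-2])
    if registered not in TRUSTED_DOMAINS and any(b in subdomain for b in BRANDS):
        findings.append("brand-in-subdomain")
    return {"host": host, "findings": findings}

# Constructed sample links (reserved .example names, not taken from real campaigns).
SAMPLES = [
    "https://office365%20%20%20@login.phish.example/voicemail",
    "https:https://portal.phish.example/doc",
    "https://office365-secure.phish.example/",
    "https://login.microsoft.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze_link(sample))
```

The returned host is the value to feed into reputation lookups or block lists, since it is the destination a browser would actually contact.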

The Tycoon Phishing Kit is known for enabling attackers to create fake subdomains resembling legitimate companies to trick victims. The specific company or individual behind the Tycoon kit has not been publicly identified in the available sources. The kit offers advanced capabilities, including tools to bypass detection and multi-factor authentication (MFA).

The evolution of the Tycoon Phishing Kit is a response to the improved ability of email security tools to detect and block dangerous links. As cybersecurity continues to evolve, it is crucial for users to remain vigilant and cautious when clicking on links, especially those that appear suspicious or unexpected. Always verify the authenticity of links before clicking on them, and never provide sensitive information in response to unsolicited emails.
