According to research by the Anti-Phishing Working Group, attempts at scams using phishing and social engineering have tripled since 2019. It is no wonder that phishing scams are one of the most common methods of attack today and also one of the most profitable for threat actors.
Thousands of users, companies and employees are victims of Phishing every year and to keep information safe it is necessary to understand a little more about this threat. Fortunately, their common nature also makes phishing scams preventable if you know how to correctly identify and avoid them, and that’s what we’re going to talk about in this article.
What is a Cloned Site (or Phishing)
Website cloning, in a nutshell, refers to the copying or duplication of an unprotected website in order to create a new website that may be exactly the same as the original or may present minor modifications that the common user is often unable to observe.
It is a type of social engineering attack that, in general, is used to capture sensitive user data including credentials, personal data and financial data, or to install a malicious file such as Malware or Ransomware.
Beyond capturing the information mentioned above, there is a high risk of attackers obtaining information from an organization when phishing is combined with effective social engineering. Credentials for VPN, e-mail and other corporate tools can then be captured and used for internal intrusions, access to confidential information and even for more refined attacks against a company’s customers or partners.
How it actually works and what are the most common targets
Website cloning tends to be quite sophisticated and involves a number of factors throughout the process. As already mentioned, in most cases attackers create a copy of a webpage using tools (HTTrack, for example) that preserve the characteristics that make it look legitimate, leading users to believe it is the original site and to hand over the sensitive information the attack depends on.
Any unprotected website can be copied, but the main targets are banks, payment processors and marketplaces. It is quite common, for example, to find cloned PayPal sites, since by getting credentials from that site, the attackers have access to other sensitive data from the cards registered in the captured accounts, making the scam even more efficient and devastating.
As we saw in the image, the cloned site has the same structure and design as the original site. This is the crucial point of the technique: victims are led to overlook any differences, such as a URL that looks like the real one but is not identical and might otherwise seem strange to the most attentive users.
After the copying process, the attacker needs the victims to visit the location (URL) of the clone. For this, it is very common to use links shared by personal and corporate emails, SMS messages, posts on social networks and exploitation of ads on Google that direct the target to click on a link to the clone site. Also at this time, attackers use techniques to maintain reliable characteristics, such as a spoofed email sender, URL obfuscation to trick email filters, and so on.
In the example below we see the email used to distribute the phishing page shown above. In it, we can identify techniques such as obfuscation of the URL that leads to the fake page and the use of a sender address that, despite being different from the real one, can easily be missed by an inattentive user, who could then click on the link and provide their credentials directly to the attacker’s database.
Being aware of phishing is extremely necessary, whether you are a networking professional, a business owner, or a common user who makes purchases on the internet, as a slip can cause damage such as financial loss and bad reputation in the market.
How to know if my site has been cloned and what to do
There are several ways to find out if your company’s website has been cloned. The most common way is to use Google alerts or commercially available tools that help the website owner or administrator identify if the content has been published elsewhere.
Examples of these tools are Copyscape and Copysentry, which automatically browse the entire Internet in search of copies of your content and send notifications as soon as any cloned content is identified.
Some actions can be taken immediately if a clone of your site is identified, such as:
- Report the clone to tools that block fake content so that a threat warning is shown on the screen when the website is accessed. Tools like Google Safe Browsing and Microsoft Defender SmartScreen help with this mitigation.
- Submit takedown requests and notices to both the hosting provider and the registrar responsible for the domain.
- Warn your company’s users and employees about a possible threat of cloning and ask that no credentials be shared before carefully checking the page.
- Require a password change from users who know they have sent credentials to the fake site.
How to protect your company website
We already know some ways to mitigate the damage if cloning happens, but as with any cyber attack, the user and the security team need to stay ahead of the attackers to protect data and infrastructure.
For users, vigilance and attention to detail are key. This is because a spoofed message or website often contains subtle misspellings, or changes to domain names and/or email senders, as seen in the previous examples.
For companies and organizations, protection involves both awareness and good practices that help users and employees identify phishing scams more easily, and technologies that, together with the security team, protect against various threats.
- Add an SSL certificate to your website
The SSL certificate informs users that the website accessed is the original authenticated version. In addition, it allows you to use HTTPS and encrypt your users’ data.
- Adopt strict password management and 2FA policy for employees
Passwords that are too short or that contain personal data such as your own name are an easy target for attackers, and it is important to list minimum requirements for creating passwords in internal services, in addition to the mandatory 2FA for access.
- Establish a calendar of anti-phishing campaigns to raise awareness and guide your employees and customers
Educational campaigns help reduce the threat of phishing attacks, by applying safe practices, such as not clicking on external email links and not trusting any message received, among others.
- Monitor your website traffic
Tools such as Google Analytics allow continuous monitoring of incoming traffic to your website. Signs such as malicious bots, non-standard requests and domain names similar to yours (cybersquatting) can be identified in this monitoring.
- Use tools native to your email service such as DMARC and SPAM filters that detect malicious attachments, URLs present in a public blocklist, blank senders, etc.
SPAM filters and other built-in tools can help prevent emails containing malicious links or attachments from reaching your employees’ inboxes.
- Have a security platform, antivirus, or antiphishing solution to detect signs of attack
These solutions allow you to monitor and respond to phishing clones in real-time, as they detect the anomalies present in all malicious content in your email or infrastructure.
For example, FortiGuard WebSecurity uses artificial intelligence to provide comprehensive protection (IP Reputation, DNS Filtering, etc.) and also supports dealing with threats including phishing, credential theft, spam and other web attacks.
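For the traffic-monitoring item above, domain names similar to yours can be flagged automatically from any list of hostnames seen in referrer or DNS reports. This is an added example, not code from the article or from any product it names; the brand `acmepay.example`, the hostnames and the function names are constructed, and `own_domain` is assumed to be the registrable domain.

```python
# Character folds often seen in lookalike domains (illustrative, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(label):
    """Fold look-alike characters so that 'acrnepay' compares equal to 'acmepay'."""
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def classify(candidate, own_domain, max_distance=1):
    """Return why candidate resembles own_domain, or None if it does not."""
    cand, own = candidate.lower().rstrip("."), own_domain.lower()
    if cand == own or cand.endswith("." + own):
        return None  # the real site or one of its subdomains
    brand = own.split(".")[0]
    for label in cand.split(".")[:-1]:  # skip the TLD
        if label == brand:
            return "brand under a different parent domain or TLD"
        if skeleton(label) == skeleton(brand):
            return "look-alike characters"
        if edit_distance(label, brand) <= max_distance:
            return "typo of the brand"
        if brand in label.split("-"):
            return "brand combined with extra words"
    return None

def find_lookalikes(observed, own_domain):
    """Map each suspicious hostname in observed to the reason it was flagged."""
    hits = {}
    for host in observed:
        reason = classify(host, own_domain)
        if reason:
            hits[host] = reason
    return hits

# Constructed sample: hostnames as they might appear in a referrer or DNS report.
OBSERVED = ["www.acmepay.example", "acrnepay.example", "acmpay.example",
            "acmepay-login.example", "acmepay.example.verify.test", "weather.example"]

if __name__ == "__main__":
    for host, reason in find_lookalikes(OBSERVED, "acmepay.example").items():
        print(host, "->", reason)
```

With a very short brand name, keep `max_distance` at 0 or 1, since unrelated words quickly fall within a small edit distance.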
Phishing attacks can be everywhere, but as we’ve covered throughout this article, there are a number of ways you can protect yourself from them. For this, it is important to keep up to date with the techniques used and the latest types of phishing threats, as your company and your customers need to have their data safe.
While preventing website cloning 100% of the time is quite challenging, the tips we shared above can help you protect yourself and prevent cyber criminals from cloning your content or code. In addition, the steps listed for the case of an active phishing campaign targeting your site show the correct actions to take down the clone site and protect yours.
With Securus, you can find security solutions that meet your budget and protect you from the most diverse threats, including WebPhishing, SpearPhishing, MailPhishing and SMSPhishing.