Third-party phishing more efficient than phishing


Third-party phishing, a tactic that directs victims to fake phishing pages masquerading as a trusted brand, is increasing significantly. Global financial institutions in particular are being targeted by attackers, a new and dangerous trend.

Phishing has always posed a huge threat to businesses. What is particularly worrying is that attackers are constantly finding new ways to develop sophisticated attack methods that are able to bypass various cybersecurity protocols.

In the first half of 2023, BlueVoyant's cyber threat analysis experts began investigating an attack technique that they first identified in 2020 but which has increased dramatically in recent months: third-party phishing. Its scale and complexity, together with the advanced evasion and stealth mechanisms it successfully provides to threat actors, make this attack technique far more efficient than using traditional, standalone phishing websites.

Third-party phishing in many sectors

Third-party phishing is a phenomenon that targets hundreds of global financial institutions, among others, using intermediary sites that redirect victims to fake phishing sites masquerading as the domain of a trusted brand. By impersonating a seemingly unrelated brand, it is easier for attackers to avoid detection of their identities and schemes, while also collecting credentials and personal information from customers of a wider range of companies.

Cyber threat analysis experts have noticed a significant increase in the popularity and prevalence of this tactic among attackers. It is now present in multiple sectors: e-commerce, logistics and shipping, mobile operators, government institutions, payment processing platforms and more.

The report provides insight into the sophisticated methods attackers have developed to carry out third-party phishing campaigns, as well as best practices for mitigating this type of attack that users may not recognize, even if they are knowledgeable about cybersecurity.

Traditional phishing vs. third-party phishing

Traditionally, phishing websites primarily target users of an organization, either employees or customers. These websites typically follow a similar pattern: attackers use a phishing kit to create a nearly identical (or sufficiently convincing) fake corporate brand website. They use a domain that is as similar as possible to create a feeling of legitimacy.

Third-party phishing sites, on the other hand, share some of the characteristics of the aforementioned process, but with an additional step: the initial deception, which builds credibility with the end user, is carried out through a service that is not affiliated with the target organization. Furthermore, the third-party phishing site itself will not ask the user to enter their personal credentials. The scam occurs on the final phishing page to which the customer was redirected, which impersonates the chosen financial institution.

A global and cross-industry phenomenon

The trend of third-party phishing is not limited to a specific geographical region, but is taking place globally. The attackers also target various business sectors: financial institutions, governments, delivery services, e-commerce websites, payment platforms and more.

Threat actors are using third parties to carry out advanced phishing campaigns, as seen in examples in Europe and the UK. The security researchers discovered third-party phishing sites that impersonate dozens of financial institutions through intermediary websites that spoof postal services, e-commerce platforms, tax payment platforms, mobile phone providers and government services. Victims are lured to fake intermediary sites and ultimately redirected to the target phishing site that impersonates the victim's chosen financial institution.

Effective defense measures

Third-party phishing adds a new twist to the well-known scam method. Intermediary sites that direct victims to various phishing sites offer attackers two advantages: they allow them to cast a wider net and compromise more victims, and they create another layer between them and threat analysts who might be on their trail.

In addition to monitoring cyber threats targeting their own domains, organizations now need to be vigilant for attempts where an intermediary redirects traffic to another phishing site. The risk of one website serving as a gateway to dozens of financial institutions is enormous, and security teams must increase their efforts to find such phishing sites. To reduce the risk of third-party phishing, the following steps are recommended:

  • Monitor similar domains and illegitimate use of corporate brands across the web to identify potential phishing sites.
  • Train customers and employees on how to deal with third-party phishing and to critically review every URL.
  • Combat malicious domains that use third-party phishing to minimize risk and potentially prevent large-scale attacks.
  • Work closely with a holistic digital risk protection provider to proactively detect third-party phishing campaigns, receive validated alerts, and quickly remediate the threats.
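
One way to look for the intermediary pattern described above, as an added example (not BlueVoyant's tooling or code from the report): it classifies redirect chains by which brands the entry and landing hostnames spoof, and lists intermediaries that fan out to several brands. The brand inventory, domains and chains are constructed, and the hostname-substring match is an assumed heuristic.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed inventory (constructed): brand keyword -> domains that brand really owns.
BRANDS = {
    "examplepost": {"examplepost.example"},
    "examplebank": {"examplebank.example"},
    "otherbank": {"otherbank.example"},
}

# Constructed redirect chains, entry page first and landing page last.
CHAINS = [
    ["https://examplepost-redelivery.test/pay", "https://secure-examplebank.test/login"],
    ["https://examplepost-redelivery.test/pay", "https://otherbank-verify.test/login"],
    ["https://examplebank-login.test/signin"],
    ["https://examplepost.example/track", "https://examplebank.example/pay"],
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def impersonated(url):
    """Brands named in a hostname that is not one of the brand's own domains."""
    h = host(url)
    flat = h.replace("-", "")  # so "example-bank" still matches "examplebank"
    return {
        brand for brand, owned in BRANDS.items()
        if brand in flat and not any(h == d or h.endswith("." + d) for d in owned)
    }

def classify(chain):
    """Label one chain as clean, traditional or third-party phishing."""
    entry, landing = impersonated(chain[0]), impersonated(chain[-1])
    if not landing:
        return "clean"
    # Third-party pattern: the lure spoofs one brand, the landing page spoofs another.
    return "third-party" if entry and landing - entry else "traditional"

def gateways(chains):
    """Map each intermediary host to the brands its landing pages impersonate."""
    fanout = defaultdict(set)
    for chain in chains:
        if classify(chain) == "third-party":
            fanout[host(chain[0])] |= impersonated(chain[-1]) - impersonated(chain[0])
    return dict(fanout)

if __name__ == "__main__":
    for gateway, brands in gateways(CHAINS).items():
        print(gateway, "->", sorted(brands))
```

An intermediary host that maps to more than one brand is the gateway case the article warns about and is a natural priority for takedown.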
More at BlueVoyant.com

 


About BlueVoyant

BlueVoyant combines internal and external cyber defense capabilities in an outcomes-based, cloud-native platform by continuously monitoring your network, endpoints, attack surface, supply chain, and the clear, deep, and dark web for threats. The full-spectrum cyber defense platform quickly illuminates, validates, and remediates threats to protect your organization. BlueVoyant leverages both machine learning-driven automation and human-led expertise.

