Horn Player/Web Developer

Home » PaaS Attacks Enable More Dangerous Phishing Emails

PaaS Attacks Enable More Dangerous Phishing Emails

A small (but important) public services announcement: a new phishing-as-a-service (PaaS) model is commoditizing complex phishing attacks.

I’ll touch on the details below, but here’s the most important thing to know: it’s now possible for anyone to perform a sophisticated phishing attack – which can bypass strong passwords and 2FA protection – with little cost and almost no experience necessary.

The protection from this attack is relatively simple, though:

Never click on links in emails or text messages

How it Works

According to an article by Resecurity, this new service is called EvilProxy and allows a novice attacker quick and inexpensive access to complex reverse proxy and cookie injection attacks.

The attack works by an attacker sending the target a link to a phishing page via email or text. This page uses a reverse proxy to steal images and content from the legitimate page (creating an almost exact duplicate of a real login page) and to collect all the information sent from the user to the (authentic-looking) phishing page. The only real way to tell the phishing page from the real webpage is to carefully inspect the URL bar – something which most users are not in the habit of.

The collected information can include usernames, passwords, 2FA tokens, and even authentication cookies. While stealing login credentials is bad, collecting the actual authentication cookie allows an attacker to log in to a victim’s account without needing to provide any credentials or 2FA tokens. Completely bypassing the protections offered by 2FA after just a single mistake from a user.

This kind of attack is called a “man-in-the-middle” attack, and you can see the attack flow in this image from the Resecurity blog entry:

The EvilProxy attack flow. (MFA = multifactor authentication)

What it Means for You

This new “phishing-as-a-service” attack will certainly increase the number of successful cyberattacks against big and small businesses and individuals. If you’re not taking steps to secure your digital business and personal accounts, you should be.

But maybe the worst thing is that, at the moment, EvilProxy is just a single service. But its success will likely lead to copycat businesses that will try to compete with lower costs or great features. I imagine that within 3-6 months we’ll all be seeing a noticeable uptick in phishing email and text message attacks

Remember that the only way to prevent this attack is by never clicking on the link in the first place. If you get an email about your account from Gmail, Microsoft, LinkedIn, your bank, etc. always navigate directly to that site in your web browser to investigate. Never click a link in an email or text message (even if it looks authentic). 

You may also like:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Support This Site

Buy Me a Coffee (or Beer)

Click here to buy me a coffee and support this site!

This page or post may additionally contain affiliate links, which means that I may receive compensation if you make a purchase using those links.

French Horn Lessons
Web Site Services

Newest Posts

Blog Categories

Colin Dorman Avatar

About the author

Colin is a freelance horn player and teacher, as well as a fan of tech of all sorts, aviation, and increasingly complex flight simulators. He also enjoys beer, bourbon and fitness – but not at the same time. You can find him on Facebook, Twitter, as well as right here at ColinDorman.com!