Skip to content
Back Home
Horn Player, Tech Enthusiast
  • 2022-23 KY All-State Etudes
  • Blogs
    • Horn
    • Tech
    • Personal
  • French Horn
    • French Horn Resources
    • Want Lessons?
    • Current Students
  • Web Services
  • About Me
    • /Uses
    • Biography
    • Contact
  • Search
Back Home
Horn Player, Tech Enthusiast
  • Search
  • 2022-23 KY All-State Etudes
  • Blogs
    • Horn
    • Tech
    • Personal
  • French Horn
    • French Horn Resources
    • Want Lessons?
    • Current Students
  • Web Services
  • About Me
    • /Uses
    • Biography
    • Contact
Home » PaaS Attacks Enable More Dangerous Phishing Emails
Tech

PaaS Attacks Enable More Dangerous Phishing Emails

by Colin Dorman|Published September 30, 2022-Updated September 30, 2022

A small (but important) public services announcement: a new phishing-as-a-service (PaaS) model is commoditizing complex phishing attacks.

I’ll touch on the details below, but here’s the most important thing to know: it’s now possible for anyone to perform a sophisticated phishing attack – which can bypass strong passwords and 2FA protection – with little cost and almost no experience necessary.

The protection from this attack is relatively simple, though:

Never click on links in emails or text messages. 

How it Works

According to an article by Resecurity, this new service is called EvilProxy and allows a novice attacker quick and inexpensive access to complex reverse proxy and cookie injection attacks.

The attack works by an attacker sending the target a link to a phishing page via email or text. This page uses a reverse proxy to steal images and content from the legitimate page (creating an almost exact duplicate of a real login page) and to collect all the information sent from the user to the (authentic-looking) phishing page. The only real way to tell the phishing page from the real webpage is to carefully inspect the URL bar – something which most users are not in the habit of.

The collected information can include usernames, passwords, 2FA tokens, and even authentication cookies. While stealing login credentials is bad, collecting the actual authentication cookie allows an attacker to log in to a victim’s account without needing to provide any credentials or 2FA tokens. Completely bypassing the protections offered by 2FA after just a single mistake from a user.

This kind of attack is called a “man-in-the-middle” attack, and you can see the attack flow in this image from the Resecurity blog entry:

The EvilProxy attack flow. (MFA = multifactor authentication)

What it Means for You

This new “phishing-as-a-service” attack will certainly increase the number of successful cyberattacks against big and small businesses and individuals. If you’re not taking steps to secure your digital business and personal accounts, you should be.

But maybe the worst thing is that, at the moment, EvilProxy is just a single service. But its success will likely lead to copycat businesses that will try to compete with lower costs or great features. I imagine that within 3-6 months we’ll all be seeing a noticeable uptick in phishing email and text message attacks. 

Remember that the only way to prevent this attack is by never clicking on the link in the first place. If you get an email about your account from Gmail, Microsoft, LinkedIn, your bank, etc. always navigate directly to that site in your web browser to investigate. Never click a link in an email or text message (even if it looks authentic). 

You may also like:

  • Two Google Moves Towards Privacy
  • Summer 2022: WordPress Security News
  • iOS Accessibility Controls for EVERYONE
  • Google’s Plea for Apple to Fix…Android Messaging?
  • email
  • privacy
  • security
  • spam email

AUTHOR

Colin Dorman
Colin is a freelance horn player and teacher, as well as a fan of tech of all sorts, aviation, and increasingly complex flight simulators. He also enjoys beer, bourbon and fitness - but not at the same time. You can find him on Facebook, Twitter, as well as right here at ColinDorman.com!
392 posts

You may also like

Published April 2, 2021

New Research Looks at Why People Share Misinformation

A recent research paper takes a look at why people share misinformation – and if they even recognize it at all.

Published June 4, 2021

Amazon Sidewalk: Should You Share Your Network?

A lot has been made about Amazon’s forthcoming Sidewalk service. Here’s what you need to know before it rolls out on June 8.

Published November 1, 2019

Code That Has Changed History

Code shapes our lives in more ways than most realize. Here are a few of the best and worst examples.

Published August 30, 2019

Open-source Dangers: Supply Chain Infection

For software security, many people prefer open-source software. It’s usually functional and inexpensive, although it’s not always pretty. It also (generally) has […]

French Horn Lesson - Online or In-person
Web Services - Sites, Support, and More

Support This Site

support-site-colindorman.com




Recent Posts

  • The Last Chance for LastPass
  • Why Substituting Intensity for Consistency Leads to Audition Disappointment – and How to Fix It.
  • All-District/All-State Audition Preparation
  • How 5 Minutes of Practice Can Lead to Real Change
  • The Best Way to Transfer to a New iPhone (and eSIM Thoughts)

View Sitemap

Post navigation

  • Previous post Thoughts on Getting Gigs in a Pit
  • Back to post list
  • Next post The Best Way to Transfer to a New iPhone (and eSIM Thoughts)

© 2023 Colin Dorman – All rights reserved

Designed by Colin Dorman