The phishing is still a very profitable technique for crooks, phishers try to improve old tactic in a new fashion in order to steal victims’ information.
One of the most common suggestions to mitigate phishing attacks is to inspect the links in a mail to see if they reference to the website where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe.
Unfortunately, this is not enough to protect users, It is important never follow the URLs included in the emails or attachments.
The phishing page used in the attack spotted by the researchers is hosted on www[dot]egypt-trips[dot]co which seems to be an unused website running a WordPress CMS.
This technique could be very insidious if the attackers also hosted the phishing page on a website that appears as legitimate, for example http://paypalnew.com.
“Now if the phishers were intelligent enough to put this on a website with a half believable URL, something like http://paypalnew.com which was used in a series of Phishing attacks yesterday, we would be in trouble, because users wouldn’t realise that they were giving their details to a phisher.
Luckily enough, there are enough warning bells with this particular one to prevent most people falling for it, but some always do.” closes the post.
In this specific case, the site owner was already contacted by the expert.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.