Why This Matters
In today’s digital age, even legitimate websites are not safe from being compromised by cybercriminals. A hybrid-AI phishing group has targeted high-profile industries, setting up fake luxury car dealerships, job portals, and real estate agencies across the US, Europe, the Middle East, and Africa.
These attacks have successfully bypassed security controls, tricking users into wire transfer fraud, credit card theft, and sensitive data harvesting. The tactics used are more sophisticated than ever, blending AI and traditional phishing techniques to deceive even the most vigilant users.
Exposing the Phishing Campaign
The StrongestLayer Threat Intelligence team has uncovered a vast phishing network run by an advanced group. This group has used AI to generate websites that impersonate reputable brands and to create entirely fictitious ones, including luxury car dealerships, HR job portals, and real estate agencies.
This operation marks an evolution of tactics first seen in an earlier investigation, where over 3 million malicious domains were exposed. However, the scale and sophistication of this campaign pose an even greater threat.
Key Tactics Employed:
- Identical Website Templates: Attackers replicate known templates across multiple fake brands to create a sense of legitimacy.
- Reused Contact Details: The same phone numbers, VoIP scam numbers, and even generic email addresses such as contact@company.com are reused across websites to target novice users.
- Compromised Legitimate Websites: Beyond fake brands, attackers infiltrate real businesses like luxury car dealerships, embedding fake contact pages that redirect users to malicious data collection forms.
For instance, the car sales website Boutique Auto Haus, a legitimate business in New Jersey, was compromised. Attackers inserted a fake contact page that rerouted customers to a phishing number, tricking them into revealing sensitive information.
The Hybrid-AI Advantage
What sets this phishing campaign apart is the seamless blend of AI-generated content and traditional phishing techniques. Attackers are using AI to create realistic images, text, and page designs that mimic well-known brands and legitimate sites. This makes their phishing sites nearly indistinguishable from the real ones, often fooling even security professionals.
New Threat Vectors
- AI-Generated Brands: Phishing websites are increasingly being auto-generated by AI, allowing attackers to scale their operations faster and more efficiently.
- Global Reach: The campaign targets users across the US, EU, Middle East, and Africa, showing no geographical limits to its impact.
- Compromised Search Results: Even after a legitimate site removes malicious content, Google’s cached versions of the site may still display the phishing pages. This extends the lifecycle of phishing campaigns.
Protecting Your Organization
StrongestLayer’s solution provides the necessary tools to combat these new types of hybrid-AI phishing attacks. With advanced detection capabilities that can spot AI-generated content, our platform helps your employees avoid falling prey to these sophisticated scams.
Organizations need to be proactive in securing their brand websites, regularly checking for any unauthorized changes or malicious contact pages. Employees must be trained to identify phishing attempts, even on legitimate websites, to ensure company and customer data remains secure.
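As an added illustration of the proactive checks described above and of the contact-detail reuse listed under Key Tactics (example code, not StrongestLayer's tooling), this Python script hashes a brand site's pages against an approved baseline, flags new or altered pages and any phone number or email not on the owner's allowlist, and clusters domains that publish the same contact details. All domains, numbers and page bodies are constructed placeholders.

```python
import hashlib
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

def extract_contacts(html):
    """Return normalised e-mail addresses and phone numbers found in a page body."""
    emails = {m.lower() for m in EMAIL_RE.findall(html)}
    phones = {re.sub(r"[^\d+]", "", m) for m in PHONE_RE.findall(html)}
    return emails | phones

def snapshot(pages):
    """Hash each page body so later crawls can be diffed against an approved baseline."""
    return {p: hashlib.sha256(b.encode()).hexdigest() for p, b in pages.items()}

def audit_site(baseline, current_pages, approved_contacts):
    """Flag pages added or altered since the baseline, plus contact details not on the allowlist."""
    current = snapshot(current_pages)
    rogue = {p: sorted(extract_contacts(b) - approved_contacts) for p, b in current_pages.items()}
    return {
        "new_pages": sorted(p for p in current if p not in baseline),
        "changed_pages": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "unapproved_contacts": {p: c for p, c in rogue.items() if c},
    }

def cluster_by_contact(sites):
    """Group domains that publish the same phone number or e-mail address."""
    index = defaultdict(set)
    for domain, html in sites.items():
        for contact in extract_contacts(html):
            index[contact].add(domain)
    return {c: sorted(d) for c, d in index.items() if len(d) > 1}

# Constructed sample data: hypothetical domains, numbers and pages, not real indicators.
APPROVED = {"sales@dealer.example", "+15550100"}
CLEAN_SITE = {"/": "<h1>Dealer</h1> Call +1 (555) 010-0 or sales@dealer.example"}
TAMPERED_SITE = {"/": CLEAN_SITE["/"] + " <a href='/contact'>Contact</a>",
                 "/contact": "<p>For enquiries call +44 20 7946 0000 now</p>"}
FAKE_BRANDS = {
    "brand-a.test": "Contact us: contact@company.com, tel +1 555 0199",
    "brand-b.test": "Reach our team at contact@company.com or +1-555-0199",
    "brand-c.test": "Email: info@brand-c.test",
}

if __name__ == "__main__":
    print(audit_site(snapshot(CLEAN_SITE), TAMPERED_SITE, APPROVED))
    print(cluster_by_contact(FAKE_BRANDS))
```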
Sample List of Indicators of Compromise (IOCs)
Below is a sample list of fake domains and compromised websites involved in this phishing operation:
- compromisedsite[.]com/contact (Compromised legitimate website redirecting to malicious data collection form)
- aceguarantybnk[.]com (Fake bank)
- amazonexpressglobal[.]com (Fake global shipping brand)
- swiftnexusbank[.]com (Fake financial institution)
Final Thoughts
As phishing attacks grow in sophistication, the fusion of AI-generated brands and real-world websites makes it increasingly difficult to distinguish between legitimate and fraudulent online entities. It’s essential that both individuals and organizations remain vigilant, adopt advanced security solutions, and continuously update their knowledge of the latest cyber threats. Stay protected with StrongestLayer.
FAQs (Frequently Asked Questions)
How can I identify a fake website?
Always check for inconsistencies such as generic contact details (e.g., contact@company.com), reused templates, or mismatched URLs in links. For more protection, use security tools that detect phishing attempts.
What makes hybrid-AI phishing campaigns so dangerous?
These campaigns leverage AI to automatically generate websites, creating lifelike fake brands. They can scale faster and trick both employees and customers, making it harder for traditional security tools to keep up.
How do attackers compromise legitimate websites?
Attackers infiltrate sites through security vulnerabilities, often adding hidden pages or malicious contact forms that redirect users to phishing sites or scam numbers.
Can Google’s search cache be a threat?
Yes, even if a website cleans up after a compromise, Google’s cache may still display the old malicious pages. This extends the period during which users are exposed to phishing.
Written by Safwan Khan & Haris Kamal
StrongestLayer Threat Intelligence