As the holiday and New Year sales season approaches, online shoppers are gearing up for exciting discounts and deals on popular platforms like Amazon. However, cyber criminals are also preparing to exploit this surge in online activity, using increasingly sophisticated tools to deceive unsuspecting users.
In a recent breakthrough, StrongestLayer has successfully intercepted a brand new, just recently created (literally the domains are being created for this campaign at this time while this blog is being written) in advanced AI-driven phishing campaign that seems to be in the phase of ramping up their domain acquisition and preparedness phase before the holiday season hits and the shoppers jump on to the big sales, specifically targeting Amazon shoppers.
The discovery highlights both the growing capabilities of malicious actors and the importance of cutting-edge defenses in the fight against cyber crime.
Unlike traditional phishing attempts, this campaign is driven by artificial intelligence, as we take you through some of the artifacts in their “cloaked” siblings. Take a look at their cloaked landing page below:
Here’s a glance at their source codes (the favicons in the browser tabs above are obvious):
If we take a closer look, we can see that an AI assisted tool has replicated the same template to serve their cloaked landing page while appending machine generated text in the “overflow-hidden row” with a height of 0 pixels (invisible). If we change that to let’s say 500 pixels and reload the page in a web browser, it looks something like this:
Here we can clearly see that the AI assistance at play where it has randomly machine generated a whole bunch of urls as hyperlinks and then embedded them into the same cloaked stage page as an invisible div which is basically preventing the domain hosting provider from flagging these pages based on similarity. However, once these domains come out of the cloaked stage and go into the “armed” stage, the landing pages look something like this:
This enables the campaign to craft highly realistic and convincing Amazon website clones in an automated manner. Using machine learning algorithms, the attackers mimic Amazon’s branding and communication style with remarkable precision. The websites include enticing fake promotions and seemingly legitimate purchase alerts, designed to lure users into clicking malicious links. Based on our previous analyses of AI generated phishing campaigns, the AI even tailors messages based on recipients’ shopping habits, previous purchase histories and serving content in regional languages, making the attacks highly convincing to even tech-savvy individuals. What’s most horrific from an end user’s perspective is that none of the legacy security vendors have so far been able to detect the majority of these websites, yet.
StrongestLayer’s recursive Predictive Threat AI Model (The ZeroDay Engine or ZDE) is always on the lookout, monitoring thousands of world’s top brands and customer supply chain vendors, providing pre-emptive safety around those brands and their industrial web footprint so that our customers are not harmed by any of these up and coming phishing campaigns from a huge list of known threat actors that are being monitored by our AI Model’s Time Machine module (in real-time). At StrongestLayer, we will not only keep our customers protected from these online phishing campaigns going into the upcoming holiday season, we will continue to hunt down these phishing campaigns before they even become “a thing” in real life.
As online shopping continues to be the norm, the need for robust cybersecurity measures has never been more critical. StrongestLayer’s success in thwarting this AI-generated phishing campaign underscores the importance of staying ahead of cybercriminals who leverage advanced technologies. Shoppers are urged to remain vigilant, scrutinize emails claiming to be from trusted retailers, and adopt security best practices such as two-factor authentication. With a combination of advanced technology and informed users, the fight against AI-driven cyber threats can tilt in favor of digital safety this holiday season.