iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A prominent cyber security trend that has gained traction in the last 12 months is third-party phishing.
This sophisticated technique has emerged as a formidable challenge, allowing threat actors to breach defences, exploit trust, and compromise personal information.
In the first half of 2023, BlueVoyant’s expert cyber threat analysts have identified an alarming surge in this tactic, shining a spotlight on its complexity, impact, and the urgent need for organisations to bolster their defences.
The evolution: Traditional v third-party phishing
Traditional phishing has long been a cyber security concern, with attackers mimicking legitimate websites to dupe users into sharing sensitive information. In contrast, third-party phishing involves a dual-layer impersonation. Intermediary sites, seemingly unrelated to the targeted brand, act as the initial deception, funnelling users towards the actual phishing site. This innovation empowers attackers to exploit a broader user base while maintaining an elusive cover.
Third-party phishing transcends borders and sectors, leaving no industry unscathed. From financial institutions and e-commerce platforms to government services and logistics companies, this menace infiltrates diverse domains.
One of the defining features of third-party phishing is its scale. Over the past year, BlueVoyant’s researchers have witnessed a surge in the number of these attacks. Notably, a major European client reported a staggering increase from a mere 2 per cent of detected phishing attacks in 2022 to a concerning 21 per cent in 2023, underscoring the gravity of this threat.
Case studies: unmasking the attack chain
Examining real-world case studies sheds light on the mechanics of third-party phishing campaigns. In Europe and the UK, financial institutions are targeted through intermediary websites impersonating trusted platforms like postal services and government services. Meanwhile, North America has seen attacks on financial institutions, e-commerce retailers, and logistics companies.
Here in the Asia-Pacific region, BlueVoyant has detected third-party phishing campaigns targeting various shipping and logistics companies as well as government services. For example, a third-party phishing site masquerading as the ATO (Australian Tax Office) payment site, which then redirects users to a phishing page impersonating the financial institution of their choice – designed to collect the victim’s PII (personally identifiable information) and credentials.
Mitigation recommendations
Third-party phishing adds a new wrinkle to the oldest trick in the book. Intermediary sites directing victims to various different phishing sites provides two benefits to attackers: it allows them to cast a wider net and catch more fish (so to speak), and it provides another degree between them and threat hunters who may be on their trail.
Organisations now need to not only monitor for cyber threat activity targeting their own domains but for third-party phishing attempts making use of an intermediary to direct traffic to a different phishing page – sometimes hosted on the same domain as the intermediary site – that may be harder to detect on its own. The increased risk associated with one website acting as a gateway to dozens of financial institutions is substantial and security teams will need to increase their efforts to find third-party phishing sites that could be targeting them and many of their peers.
The proliferation of third-party phishing presents a critical challenge for organisations striving to safeguard their digital assets and customers’ trust. Combatting this threat necessitates a multifaceted approach:
Vigilance: Organisations must monitor for lookalike domains and unauthorised use of their brand assets across the web.
Education: Clients and employees should be educated about third-party phishing, encouraging them to scrutinise URLs and resist entering credentials or sensitive information on unfamiliar sites.
Rapid remediation: Swiftly address malicious domains associated with third-party phishing to mitigate risks and thwart large-scale attacks.
Collaboration: Engage an end-to-end digital risk protection vendor, such as BlueVoyant, to proactively detect third-party phishing campaigns, receive verified alerts, and promptly neutralise threats.
At a time of relentless innovation on both sides of the cyber security divide, organisations must remain vigilant, adaptive, and proactive. The rise of third-party phishing serves as a stark reminder that complacency is not an option. By embracing a comprehensive strategy, fortified by partnerships with industry leaders, businesses can continue to defend against the ever-evolving threat landscape and protect the digital trust they’ve worked so hard to build.
Sumit Bansal is vice president, APAC, at BlueVoyant.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
