Chameleon phishing attack brings bad karma to email users
New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.
The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.
It's easy to see how people might fall for this, as mail services occasionally ask users to confirm their details when accessing messages. The attack even helpfully pre-fills the victim's email address, so all they have to provide is the password. To make sure the password it captures has been typed correctly, the page responds to the first two submissions with an 'Invalid Details, Please try again' message and only redirects to the genuine mail service on the third.
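One defensive angle on the behaviour described above is to look for the lure links themselves in web proxy logs. Kits that pre-fill the victim's address commonly carry it in the link's query string or fragment; the article does not say how this kit does it, so that is an assumption here. The following is an added example (not code from the article or from Trustwave SpiderLabs): it scans constructed proxy log lines for URLs that contain an email address and flags those where the request host is not one where a login form for that address's provider would legitimately live. The log format, the `PROVIDER_HOSTS` table and the sample lines are all hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample proxy log lines (not real data). Hypothetical format:
# "<timestamp> <source_ip> <method> <url>"
SAMPLE_LOG = """\
2024-05-01T09:12:03Z 10.0.0.5 GET https://accounts.google.com/signin/v2/identifier?Email=alice%40gmail.com
2024-05-01T09:12:41Z 10.0.0.5 GET https://fax-view.example-cdn.net/docs/view.php?e=alice%40gmail.com
2024-05-01T09:13:10Z 10.0.0.9 GET https://login.live.com/login.srf?username=bob%40outlook.com
2024-05-01T09:14:55Z 10.0.0.9 GET https://secure-fax-portal.example.org/efax/index.html#bob@outlook.com
2024-05-01T09:15:20Z 10.0.0.7 GET https://news.example.com/article/42
"""

# Hypothetical mapping from the domain of the victim's address to the parent
# domains where that provider's real login pages live. Extend for your environment.
PROVIDER_HOSTS = {
    "gmail.com": ("google.com",),
    "googlemail.com": ("google.com",),
    "outlook.com": ("live.com", "microsoft.com", "microsoftonline.com"),
    "hotmail.com": ("live.com", "microsoft.com", "microsoftonline.com"),
    "yahoo.com": ("yahoo.com",),
    "icloud.com": ("apple.com", "icloud.com"),
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def host_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one.

    Matches on a dot boundary so that 'google.com.evil.net' is not accepted.
    """
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def extract_email(url):
    """Return an email address carried in the query string or fragment, or None.

    parse_qsl percent-decodes query values; the fragment is decoded explicitly.
    """
    parts = urlsplit(url)
    candidates = [value for _, value in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(unquote(parts.fragment))
    for candidate in candidates:
        match = EMAIL_RE.search(candidate)
        if match:
            return match.group(0).lower()
    return None


def flag_chameleon_candidates(log_text):
    """Return one finding per log line whose URL carries a known provider's
    email address but is served from a host outside that provider's domains."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line; skip rather than guess
        ts, src, _method, url = fields[:4]
        email = extract_email(url)
        if email is None:
            continue
        mail_domain = email.rsplit("@", 1)[1]
        allowed = PROVIDER_HOSTS.get(mail_domain)
        if allowed is None:
            continue  # unknown provider: nothing to compare the host against
        host = urlsplit(url).hostname or ""
        if not host_matches(host, allowed):
            findings.append({
                "ts": ts,
                "src": src,
                "host": host,
                "email": email,
                "provider": mail_domain,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_chameleon_candidates(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['src']} -> {finding['host']} "
              f"carrying {finding['email']} (expected a {finding['provider']} login host)")
```

Run against the constructed lines this flags the two fax-themed hosts and leaves the genuine Google and Microsoft sign-in requests alone. Addresses for providers not in the table are deliberately ignored rather than flagged, since there is no expectation to compare against; a production version would also need to handle kits that obfuscate the address (base64, reversed strings) rather than passing it in clear.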
"It's very enticing to the victim especially if you're just clicking on emails non-stop. In this case the email presented itself as a fax document to get you to click on the link to be able to view it," says Karl Sigler, security research manager at SpiderLabs. "So if you're a person that gets faxes on a regular basis, this might not be strange to drop into your email inbox. When you click on the link it will look exactly like Microsoft or Gmail or Yahoo! or whatever domain you're using. This gives the attackers a nice template that they can reuse for possible future campaigns."
The attack is a little unusual these days in that there’s no direct financial gain, though of course with access to your email account attackers can potentially discover useful data like who you bank with or intercept 2FA codes for other logins.
"Once you have credentials for somebody else, if they don't notice that you have access to all that data, you can launch a further campaign knowing what you know about that person," Sigler adds.
You can see full details of the attack on the SpiderLabs blog.