Learn about this new method to detect Phishing MitM

Phishing MitM kits

A conventional phishing attack consists of sending the victim a link that takes them to a fake website where they are asked to enter their data: for example, a site that imitates a bank, an email login portal, or a social network such as Facebook. The problem is that when the user logs in, the password is sent to a server controlled by the attackers.

Phishing MitM is different. Here the attacker does not build a copy of the site but places himself between the victim and the real server, acting as a reverse proxy. If someone logs in to Facebook from their computer, the kit fetches the real page in real time, shows it to the victim, and intercepts the credentials the victim sends to the social network. This is known as Man in the Middle, or MitM. Because the kit relays the live session, it also sees everything the real site sends back, including the session cookie issued after a successful login, which is why these kits can take over accounts even when two-factor authentication is enabled.

So, how does the method devised by this group of researchers to detect Phishing MitM attacks work? It is based on a machine-learning classifier that uses network-level features, such as fingerprints of the server, to identify phishing websites hosted by Phishing MitM toolkits running as reverse proxies.

It also relies on data collection: monitoring and tracking suspicious URLs from open-source phishing feeds such as OpenPhish and PhishTank. A central feature is the round-trip delay that a Phishing MitM kit introduces. Since the proxy has to forward each request to the real site and wait for its answer, the victim receives the response later than they would from the real site directly. The reasoning is that a reverse proxy terminates TLS itself, so the TLS handshake round trip only reflects the distance to the proxy, while an HTTP request additionally carries the hop from the proxy to the real server; the gap between those two measurements is what betrays the kit.
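The following is an added illustration of that timing idea, written for this page and not the researchers' own tool. It assumes (a simplification) that a MitM kit terminates TLS at the proxy and forwards each HTTP request to the origin, so the time to first response byte grows much more than the TLS handshake time. The `measure` function performs a live measurement with the Python standard library; the sample `Timing` records, the host names, and the thresholds are constructed for the example and are not values from the article.

```python
"""Timing heuristic for spotting a reverse-proxy (MitM) phishing kit.

Added example, not the researchers' classifier. Assumption: the proxy
terminates TLS itself, so the handshake round trip reflects only the
distance to the proxy, while each HTTP request also has to travel from
the proxy to the real site and back.
"""
import socket
import ssl
import time
from dataclasses import dataclass


@dataclass
class Timing:
    host: str
    tcp_ms: float   # TCP connect round trip
    tls_ms: float   # TLS handshake, measured after the TCP connect completed
    http_ms: float  # GET sent -> first response byte received


def measure(host: str, port: int = 443, timeout: float = 5.0) -> Timing:
    """Live measurement of one host; needs network access (not run offline)."""
    t0 = time.perf_counter()
    raw = socket.create_connection((host, port), timeout=timeout)
    t1 = time.perf_counter()
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake happens here
    t2 = time.perf_counter()
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    tls.sendall(request.encode())
    tls.recv(1)  # block until the first byte of the response arrives
    t3 = time.perf_counter()
    tls.close()
    return Timing(host, (t1 - t0) * 1e3, (t2 - t1) * 1e3, (t3 - t2) * 1e3)


def features(t: Timing) -> dict:
    """Features a classifier could use: how much slower HTTP is than TLS."""
    return {
        "http_over_tls": t.http_ms / t.tls_ms,
        "http_minus_tls_ms": t.http_ms - t.tls_ms,
    }


# Assumed cut-offs for this example; a real deployment would learn them.
RATIO_THRESHOLD = 2.5
EXTRA_MS_THRESHOLD = 60.0


def looks_proxied(t: Timing) -> bool:
    """True when the HTTP round trip is far longer than the TLS handshake,
    i.e. the host we spoke TLS with is apparently relaying our request."""
    f = features(t)
    return (f["http_over_tls"] > RATIO_THRESHOLD
            and f["http_minus_tls_ms"] > EXTRA_MS_THRESHOLD)


# Constructed sample measurements (not real data): a site answering
# directly, and a lookalike host that forwards every request to the origin.
SAMPLES = [
    Timing("legit.example", tcp_ms=18.0, tls_ms=40.0, http_ms=58.0),
    Timing("login-example.phish.test", tcp_ms=15.0, tls_ms=33.0, http_ms=190.0),
]


def triage(samples=SAMPLES) -> dict:
    """Map each host to whether its timing profile looks like a MitM kit."""
    return {t.host: looks_proxied(t) for t in samples}


if __name__ == "__main__":
    for host, flagged in triage().items():
        print(f"{host}: {'suspicious (proxied)' if flagged else 'direct'}")
```

The usual caveat applies: legitimate sites behind a CDN or a load balancer also terminate TLS at an edge node and forward requests, so timing alone produces false positives. That is why the researchers combine it with fingerprint features and a trained classifier rather than a single threshold.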

Over 1,000 Phishing MitM Sites

This group of security researchers analyzed web pages for a year and found 1,200 sites operated with Phishing MitM kits. The kits were found in many countries around the world and were often hosted on services from Amazon, Google, or Microsoft, among others.

The most frequently impersonated services include Instagram, PayPal, Google, Outlook, and LinkedIn, among others. They are widely used services, so these kits have put the security and privacy of many users of all nationalities at risk.

Without a doubt, this is a serious threat that requires measures to prevent password theft. Common sense is essential: avoid browsing unreliable pages or following links that may be malicious. Since a MitM kit shows the real site's content, the page itself looks identical to the original; the domain in the address bar is the giveaway, so check it before entering credentials.