May 14 2024

CYBER904's Browser Protection Service is leveraged by teams across the world to combat against weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risk in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing. The following report highlights recently detected sites that were deemed suspicious:

[Image 1]

This page was detected by CYBER904 on May 3rd. It was originally reported by one security vendor in February and is currently reported by 11 vendors for phishing activity. CYBER904 intervened with a 14% risk assessment due to the detection of suspicious behavior. This is an email credentials phishing page that utilizes the shared document scam. The user receives a phishing email that alerts them that there are important documents that need their attention, usually pertaining to invoices or bills. This information, combined with a sense of urgency in the message, encourages users to look at the document as soon as possible and not verify its source. CYBER904 Recommends: This URL should be blocked. While in an isolated session, keyboard input is blocked, and users cannot enter their credentials.

[Image 2]

This page was detected by CYBER904 on May 6th, the same day other security vendors began reporting. It is currently detected by 12 vendors for phishing and malicious behavior. CYBER904 intervened with a 22% risk assessment due to suspicious activity. This site has been detected as a shopping scam. Shopping scams aim to take financial and personal data from the user by promising popular products at steep discounts. These sites are often taken down shortly after generation and are linked to spam or malicious advertising platforms. Although they may easily appear fraudulent to the average user, CYBER904’s protection offers additional coverage when users may be unsure of a webpage’s legitimacy. Conceal Recommends: This domain should be blocked. While in an isolated session, keyboard input is blocked, and users cannot enter sensitive information.

[Image 3]

This page was detected by CYBER904 on May 3rd, with the first security vendors reporting a few days earlier. It was initially detected by five vendors on May 1st and is currently detected by 17 vendors for phishing. CYBER904 intervened with a 29% risk assessment, citing suspicious behavior. This site also demonstrates a shared document scam; however, it differs from others by pretending to be the user’s online storage drive, rather than just one document. This may make users believe that the link took them to their personal account and be more likely to enter their password to access the fraudulent document. This phishing attempt takes advantage of the user not investigating the page further because it looks so close to the legitimate version of the site. Conceal Recommends: This URL should be blocked. While in an isolated session, keyboard input is blocked, and user credentials remain protected.