To steal personal data, passwords or compromise systems, hackers are going to use different strategies. In this article we are going to talk about a new phishing method with which they can steal money. We are going to explain what it is and what we must do to be protected at all times and thus prevent our bank accounts and personal information from being stolen.
Reverse tunnels and shortened URLs
A group of security researchers has begun to see a change in the way cybercriminals launch phishing attacks. This type of strategy is very common to steal passwords or bank details. What they do now is use services of reverse tunnelin addition to shortened urls. The goal is to avoid being detected.
What does reverse tunnel mean? With this method hackers will be able to host phishing websites locally on their own computers. In this way they manage to route the connections to the external service. With this they avoid being detected, since it is more difficult to know that it really is an attack.
Furthermore, when using shortened links they will manage to create numerous links and make it even more difficult to be detected. By constantly updating, they ensure that these links are not blocked, since they are constantly new and will make the work of security services more complicated.
The company specialized in the protection of digital risks CloudSEK, has detected a significant increase of these strategies. Attackers are increasingly using reverse tunnels and shortened URLs to launch phishing attacks to spoof identities. They use popular link shortening services like Bit.ly or Cutt.ly.
The problem comes when the victim falls into this trap and hands over their data to the hackers. It basically means that your login information or any data you send is going to travel directly to a server controlled by the attackers. That’s when information theft comes in.
What to do to avoid these attacks
What can we do to avoid these types of attacks that can steal money or personal data? Although cybercriminals perfect their attack techniques, the truth is that the protection measures will basically remain the same. The most important of all is the common sense and avoid making mistakes.
You should always login via reliable sources. You have to enter the official website or use legitimate applications to submit personal data, bank information, make a purchase, etc. Otherwise, you would run the risk of delivering that data to a server controlled by attackers.
In addition, we have seen that one of the most used strategies is to use shortened links to avoid security measures. Never log in, make a payment or submit any sensitive information through such links. You can always analyze shortened links to make sure they are trustworthy.
On the other hand, it is equally important to have security programssuch as a good antivirus, as well as having All updated to avoid vulnerabilities that can be exploited. In this way, your personal data will be more protected and you will have fewer problems that could compromise your information.
