Exploiting the Abandoned: Exposing Phishing Tactics Through Neglected Websites

Background of Abandoned Website Phishing

The Critical Start Cyber Threat Intelligence Team is aware of cybercriminals employing a tactic known as “abandoned website phishing” to carry out their malicious activities. In this approach, attackers take advantage of websites that have been neglected or abandoned by their original owners. They repurpose these sites to host phishing content, often in an attempt to deceive users into divulging sensitive information, such as login credentials, financial details, or personal data.

Long-abandoned domains are proving to be a haven for attackers, offering them a sustained platform for hosting phishing pages. For malicious actors, infiltrating abandoned or minimally maintained websites often requires low effort due to the existing security vulnerabilities within the environment. In 2022, security researchers and vendors disclosed a staggering 2,370 vulnerabilities within WordPress and its plugins. Predominant among these vulnerabilities are cross-site scripting, authorization bypass, SQL injection, and information disclosure. These flaws have enabled threat actors to capitalize on the utilization of neglected websites as a prominent tactic in 2023.

Abandoned Website Phishing Mitigations

To safeguard against such threats, individuals and organizations should remain vigilant by:

Awareness and Education: Ensure that users are educated about the risks of phishing attacks, including tactics like abandoned website phishing. Regularly conduct phishing awareness training to teach users how to recognize suspicious content and avoid falling victim.

URL Inspection: Encourage users to carefully inspect URLs before clicking on links. Hovering over links to reveal their true destinations can help detect fraudulent sites.

Up-to-date Security Tools: Employ robust security solutions that include anti-phishing capabilities. These tools can identify and block known phishing sites and patterns.

Multi-Factor Authentication (MFA): Implement MFA wherever possible to add an extra layer of protection even if attackers manage to obtain login credentials.

Regular Website Maintenance: For website owners, it’s important to maintain and secure their online properties. Regularly check and update websites, especially if they’ve been dormant or abandoned for a while.

Reporting Suspicious Activity: Encourage users to report any suspicious emails, links, or websites to IT or security teams promptly.

Browser Security Features: Utilize browser security features, such as warnings about potentially harmful websites, to help users stay safe online.

Conclusion

By repurposing abandoned websites, phishing operators exploit the trust that users might have in these domains, making it more likely for victims to interact with the content without suspicion. The attackers might send out phishing emails, messages, or links that direct users to these compromised sites, where they are prompted to enter their confidential information. By staying informed about evolving phishing tactics and adopting preventive measures, individuals and organizations can reduce the risk of falling victim to phishing attacks, including those that exploit abandoned websites.

__________________________________________________________________________

CRITICALSTART® offers a pioneering solution to modern organizational challenges in aligning cyber protection with risk appetite through its Cyber Operations Risk & Response™ platform, award-winning Managed Detection and Response (MDR) services, and a dedicated human-led risk and security team. By providing continuous monitoring, mitigation, maturity assessments, and comprehensive threat intelligence research, they enable businesses to proactively protect critical assets with measurable ROI. Critical Start’s comprehensive approach allows organizations to achieve the highest level of cyber risk reduction for every dollar invested, aligning with their desired levels of risk tolerance. 

References