"Defenders Can Discover Phishing Sites Through Web Analytics IDs"
There has been an increase in the use of web analytics services by phishing websites. The unique tracking IDs added to the code of phishing websites when these services are used can help defenders detect phishing attacks. Web analytics services help phishing kit developers get a better idea of how effective their campaigns are. The data collected via web analytics services can allow cybercriminals to measure the effectiveness of their phishing attacks and adjust their targeting accordingly. An analytics UID added to multiple phishing pages can be used to create a detection signature as well as a web firewall rule, which could help security vendors and enterprise security teams discover and block multiple phishing pages from the same campaign. This article continues to discuss the use of web analytics services by phishing kit developers, how defenders can use analytics UIDs to detect phishing websites, and two examples in which researchers were able to identify much larger campaigns through the use of these UIDs.
CSO AU reports "Defenders Can Discover Phishing Sites Through Web Analytics IDs"