Researchers at Avanan, a Check Point Company, have discovered threat actors are using the legitimacy of Amazon Web Services (AWS) to create phishing websites that bypass scanners and get users to steal credentials. The attack brief that Avanan has put out looks at how hackers are creating phishing pages utilizing AWS applications via email for credential harvesting, using static expressway techniques to target victims.
Avanan’s cybersecurity research uncovered that this new attack is exploiting a legitimate AWS app domain to build sites and send them as fraudulent password expiration notifications via email to victims prompting them to click on the page to conduct a credential reset.
This campaign is prompting vulnerable users to click on the password reset page, which shows the targeted victim’s company domain filled in at the URL bar, company logo, and pre-populated email address, so all the user needs to do is enter their password.
The attack brief can be found here: https://www.avanan.com/blog/hackers-build-phishing-pages-using-aws-apps