Cybercriminals Exploit HTTP Headers to Steal Credentials in Phishing Attacks

Cybersecurity experts have raised alarms about a wave of phishing attacks leveraging HTTP headers to deploy fake email login pages designed to steal credentials.

Unlike typical phishing methods that rely on HTML content, these attacks manipulate the HTTP response header before the HTML loads. This allows the phishing page to automatically reload without user interaction, making the attack more seamless.
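One defender-side check for the header-driven reload described above, added here as an example that is not from the article or the researchers it cites. It assumes the reload is carried by the standard HTTP `Refresh` header (the article does not name the header) and runs over a constructed sample response.

```python
import re
from urllib.parse import urlparse

# Constructed sample HTTP response (not from the article). The page reloads
# to another host via the response header before any HTML is rendered, and the
# target URL carries a pre-filled e-mail address, the two traits the article
# describes. The `Refresh` header is an assumption; the article names none.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Refresh: 0; url=https://example-login.invalid/?email=user%40corp.example\r\n"
    "\r\n"
    "<html><body>Loading...</body></html>"
)

def parse_headers(raw):
    """Split a raw HTTP response into {lower-cased header name: value}."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def refresh_target(headers):
    """Return the URL named in a Refresh header, or None if there is none."""
    value = headers.get("refresh")
    if value is None:
        return None
    m = re.search(r"url\s*=\s*['\"]?([^'\"\s]+)", value, re.IGNORECASE)
    return m.group(1) if m else None

def flag_header_redirect(raw, requested_host):
    """Flag a response whose Refresh header sends the browser to a different host.

    Returns (cross_host_redirect, target_url, email_prefilled_in_target).
    """
    headers = parse_headers(raw)
    target = refresh_target(headers)
    if target is None:
        return (False, None, False)
    parsed = urlparse(target)
    cross_host = parsed.hostname is not None and parsed.hostname != requested_host
    # A URL-encoded '@' in an email/user/login query parameter is the
    # pre-filled-address trait; it is a hint for analysts, not proof on its own.
    prefilled = re.search(r"(^|&)(email|user|login)=[^&]*%40",
                          parsed.query, re.IGNORECASE) is not None
    return (cross_host, target, prefilled)
```

Proxy or sandbox logs that retain raw response headers can be fed through `flag_header_redirect` with the host the client actually requested; a hit with both flags set is worth a closer look, while a same-host `Refresh` is routine.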

The phishing campaigns, which have been active between May and July 2024, primarily target large organizations in South Korea, as well as U.S. government agencies and educational institutions. More than 2,000 malicious URLs have been identified, with the business sector being the most affected (36%), followed by finance (12.9%), government (6.9%), and healthcare (5.7%).

The attacks rely on spoofed email login pages that pre-fill victims’ email addresses, making the phishing attempts appear more legitimate. The use of popular domain names and URL shortening services further obscures the true nature of the attack. This technique allows attackers to redirect victims to malicious sites while masking their true intent.

Phishing and business email compromise (BEC) schemes remain prominent methods for cybercriminals seeking to extract sensitive information. Since 2013, these attacks have resulted in global losses of approximately $55.49 billion, with over 305,000 incidents reported. Recent phishing schemes have also incorporated deepfake videos of public figures to trick users into participating in fraudulent investment schemes.

A separate report sheds light on a long-standing cybercriminal enterprise called Greasy Opal, which has been operational since 2009. This Czech-based group offers CAPTCHA-solving services to cybercriminals, enabling large-scale credential stuffing, fake account creation, and social media spam. The group’s sophisticated business model reportedly earned $1.7 million in 2023 alone.

To prevent falling victim to such attacks, users should be cautious about unsolicited emails and avoid clicking on unfamiliar links. Implementing multi-factor authentication (MFA), keeping software updated, and educating employees on phishing tactics are essential defenses.