Exploiting data analytics websites
Analytics websites are a great tool for tracking ROI including user behavior, page navigation, and technical metrics. Now, malicious actors are also using these tools to track metrics for phishing campaigns.
Security experts discovered a phishing campaign that targeted LinkedIn users between April and July this year. It used an ID of an analytics network that was related to multiple phishing domains that targeted LinkedIn users.
“The campaign registered many misleading domains to lure its victims, but each domain hosted a different variation of the phishing kit's source code, making it hard to detect them all without the Google ID,” say researchers.
Using the same analytics tools for defense
The tracking ID of a campaign can be helpful for researchers and security experts to dismantle campaigns by shutting down fraudulent websites.
A campaign targeting AirBnB logins generated malicious subdomains to escape detection. But all these subdomains used the same UID, which was ripped off AirBnB. This helped researchers detect and shut down the campaign.
In conclusion, this appears to be another legitimate tool that fraudsters are abusing for their benefits. However, this also helps researchers group campaigns and detect new ones better.