How Reverse Proxies Can Be Used to Scam People

With the advancements in security in our modern digital age, we are often assured that our devices and online activity are secure and at minimal risk. While this may be true to some degree, we must remember that as our security tech improves, so do the resources available to cybercriminals.

A massive jump in security came with multi-factor or two-factor authentication, because it adds several layers of protection. As you can imagine, this only gave hackers another challenge to undertake. Honestly, cybercriminals are like water; if there’s a small loophole, they’ll always find their way through, and they have, by using reverse proxy phishing attacks.

What is Multi-factor Authentication?

Multi-factor authentication (MFA) is a strong authentication measure that adds several layers of protection to a person’s device or personal information. Depending on its design, MFA could require two or more factors before someone can log in to their account or access their information. These factors could be a password, biometrics, voice confirmation, one-time codes received via email or SMS, or a token.

What are Reverse Proxies?

A reverse proxy server sits in front of web servers and forwards users’ requests to them. Its role is to improve the security and performance of websites. Essentially, it works like a middleman: instead of connecting directly to the website’s servers, users reach the site through the reverse proxy server.

In the past, we’ve seen cybercriminals use reverse proxies to attack and scam people.

How do Phishing attacks get around MFA?

With the rise of MFA, hackers have created phishing kits to get around this new defence mechanism. These kits offer a wide range of templates used to pose as existing sites to fool users into giving up their personal information. 

Using the kit’s integrated interception system, threat actors can steal your login credentials and capture the MFA codes that would usually protect your account. When you log in on a phishing page, the phishing kit relays what you enter to the genuine online service, steals the session cookies in the process, and then forwards the genuine responses back to you.

This keeps the user thinking they’re on the genuine site while the hackers have free rein to steal their credentials and cookies, giving them access to the victim’s accounts. There are currently three known phishing kits of this kind:

Necrobrowser: launched in 2019, it offers several dangerous features, including auto-login, Google Workspace disabling, password changing, dumping emails and checking SSH session keys.

Evilginx2: uses a system based on configured “phishlets” that allow hackers to target any website they’d like. This kit has several features that make it almost indistinguishable from a genuine website.

Modlishka: isn’t as fancy as the two above but can still completely steal your sessions and force notifications to your device to lure you to their false sites where they can potentially steal more of your personal information.
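
On the service side, the cookie theft described above shows up as a session being used by a client other than the one that logged in. The following is an added example, not part of the original article; the log field names and records are constructed, and a real service would use its own session store.

```javascript
// Added example: flag a session cookie used by a client other than the one it
// was issued to. Field names and records are constructed for illustration.
const SAMPLE_LOG = [
  { t: "2024-05-01T09:00:02Z", event: "login",   sid: "s-101", ip: "198.51.100.7",  ua: "Firefox/125" },
  { t: "2024-05-01T09:03:10Z", event: "request", sid: "s-101", ip: "198.51.100.7",  ua: "Firefox/125" },
  { t: "2024-05-01T09:01:15Z", event: "login",   sid: "s-202", ip: "203.0.113.40",  ua: "Chrome/124" },
  { t: "2024-05-01T09:02:30Z", event: "request", sid: "s-202", ip: "192.0.2.99",    ua: "HeadlessChrome/124" },
  { t: "2024-05-01T09:05:00Z", event: "login",   sid: "s-303", ip: "198.51.100.20", ua: "Safari/17" },
  { t: "2024-05-01T09:40:00Z", event: "request", sid: "s-303", ip: "198.51.100.88", ua: "Safari/17" },
];

function findReplayedSessions(records) {
  const issuedTo = new Map(); // session id -> client seen at login
  const alerts = [];
  // Logs can arrive out of order, so process them by timestamp.
  const ordered = [...records].sort((a, b) => Date.parse(a.t) - Date.parse(b.t));
  for (const r of ordered) {
    if (r.event === "login") {
      issuedTo.set(r.sid, { ip: r.ip, ua: r.ua });
      continue;
    }
    const owner = issuedTo.get(r.sid);
    if (!owner) continue; // login happened outside this log window
    const ipChanged = r.ip !== owner.ip;
    const uaChanged = r.ua !== owner.ua;
    if (ipChanged && uaChanged) {
      // Same cookie, different network and different browser: likely replay.
      alerts.push({ sid: r.sid, severity: "high", reason: "new IP and new browser" });
    } else if (ipChanged || uaChanged) {
      // A lone change is common (mobile networks, browser updates): note only.
      alerts.push({ sid: r.sid, severity: "low", reason: ipChanged ? "new IP" : "new browser" });
    }
  }
  return alerts;
}

console.log(findReplayedSessions(SAMPLE_LOG));
```

A high-severity hit is a reason to end the session and ask the user to sign in again.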

Can you stop a reverse proxy phishing attack?

You can’t exactly stop these phishing attacks, but you can avoid them. These attacks are orchestrated and often sold to the highest bidder on Darknet Markets and Forums, meaning the creators often have nothing to do with the attack, and will continue to make money from them as more scripts sell.

The only way to prevent falling into these traps is to carefully check the URLs you’re going to. If you happen to see a malicious link and open it, there’s not much stopping hackers from accessing your personal info, so it’s best to err on the side of caution with this one.
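
Checking a URL carefully means checking the exact host name, not whether the link merely contains the brand name. The following is an added example, not part of the original article; `TRUSTED_HOSTS`, `checkLink` and the sample links are constructed, with `example.com` standing in for the site you actually use.

```javascript
// Added example: decide whether a link really points at the site you expect.
// TRUSTED_HOSTS and SAMPLE_LINKS are constructed for illustration.
const TRUSTED_HOSTS = new Set(["accounts.example.com", "www.example.com"]);

function checkLink(link, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(link); // same WHATWG parsing rules browsers use
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // In https://brand.com@other.test/ the real host is other.test.
  if (url.username || url.password) {
    return { ok: false, reason: "text before '@' is not the host" };
  }
  // hostname is lower-cased and non-ASCII names become punycode (xn--...).
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised name that can imitate ASCII letters" };
  }
  // Exact match only: "accounts.example.com.login-verify.test" must not pass.
  if (!trusted.has(host)) {
    return { ok: false, reason: `host ${host} is not on the trusted list` };
  }
  return { ok: true, reason: "host matches the trusted list" };
}

const SAMPLE_LINKS = [
  "https://accounts.example.com/login",
  "https://accounts.example.com.login-verify.test/login",
  "https://accounts.example.com@phish.test/login",
  "http://accounts.example.com/login",
];
for (const link of SAMPLE_LINKS) {
  console.log(link, "->", checkLink(link).reason);
}
```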

These are all forms of OpSec.

How to Avoid Phishing Attacks and Other Online Threats

Ensuring your online safety is paramount in today’s digital landscape. To navigate the internet securely, consider the following user-friendly, safe browsing practices:

Check how Authentic a Website is

Always verify the authenticity of the websites you visit before entering personal information or making transactions. Look for essential indicators like contact information, a privacy policy, and customer reviews. Be cautious when encountering websites that appear hastily assembled or lack proper contact details.

Use a VPN 

Enhance your online privacy and security by considering the use of a VPN. VPNs are beneficial when connecting to public Wi-Fi networks, which are often less secure and susceptible to cyberattacks.

Avoid Clicking Suspicious Links

Exercise caution when interacting with links in emails or messages, especially if they come from unknown or unverified sources. It’s a good practice to hover your cursor over a link to preview the URL before clicking.

Use Strong Passwords

A strong password is your first line of defence. Make sure it’s a good one. Strong passwords have a combination of upper and lower-case letters, numbers, and special characters. Use a password manager to make managing your passwords easier and to keep them safe.

Enable Two-Factor Authentication 

If you have the option, always activate 2FA on your accounts. Basically, you’ll need to use two passwords or methods of access to unlock your account, such as a temporary code sent to your mobile device, in addition to your password.

Be Cautious About Sharing Personal Data

Refrain from oversharing personal information on social media and other online platforms. Cybercriminals often exploit such data for social engineering and phishing attacks.

Regularly Update Your Software

Regular software updates are overlooked by many people, but they are vital to your device’s security. As hackers and cybercriminals improve their skills, tech companies improve their security too, so keeping up with these improvements will give you a fighting chance.

Frequently Asked Questions

What should I do if I suspect I’ve received a phishing email or message?

Most email services like Gmail pick up malicious emails and will warn you of any potential danger. Unfortunately, one or two do fall through the cracks, and these are the ones you need to keep an eye out for. If you’re worried that an email you’ve received is malicious, leave it alone and report it directly to the organisation it’s supposedly from.

How can I tell if a website is secure (HTTPS) before entering sensitive information?

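The URL is shown in the address bar at the top of your browser. Here you’ll be able to check if the web address starts with “https://” (instead of just “http://”). This will tell you whether the site has a secure link or not. The “S” in “https” stands for secure. Keep in mind that this only tells you the connection is encrypted; a phishing page can use “https://” too, so you still need to check the domain name itself.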

How can I recognize a phishing email or message?

A lot of the time phishing emails make mistakes. They will contain spelling and grammatical errors, ask for sensitive information, have suspicious links or attachments, and create a sense of urgency. As soon as you see a mistake you should see this as a red flag.