Operation Huyao: Unwrapping a New Phishing Technique before the Holidays

When the shopping season kicks in, attackers will be busy fooling frantic shoppers with online scams to steal online payments, banking, and personal data. Cybercriminals will target user accounts, as well as the sites they visit using phishing methods and other online scams to get what they need.

We found a new phishing technique that targets online shopping sites. However, unlike typical phishing sites, this one, which we decided to call Operation Huyao (Chinese for monstrous fox), doesn’t require an attacker to create a copy of a website at all. Instead, attackers siphon pages directly from the legitimate site to their malicious site, essentially acting as a proxy or relay between the victim and the targeted site.

Because the site is indeed legitimate, users won’t suspect a thing even up until they are directed to the succeeding phishing site itself, as it only redirects the user to the attacker's site when they get to the page that requires them to input information. For unknowing users, the rest of the user’s experience is still coming from the rightful site. The attack only serves modified pages when the user decides to check out their item. From there, the payment information of the victim is stolen in a conventional phishing attack.

As the holidays roll in, there are reports of increases in email phishing messages that are related to the shopping season. Such include fake flight confirmation receipts, and shopping receipts. It’s best to shop wisely by not only saving on good deals but by being careful about fishy links or URLs. Always take a second look to make sure that you’re in the right website. Before shopping online, make sure that your security software is updated to block threats in advance. Be cautious about receipts for items and flights you never bought and make sure that you verify first with your banks before clicking on anything. Finally, watch your credit cards and other accounts for fraudulent transactions. Reporting suspicious events will save you a lot of trouble.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.