• Latest
  • Trending
Evasive phishing mixes reverse tunnels and URL shortening services

Evasive phishing mixes reverse tunnels and URL shortening services

June 6, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Evasive phishing mixes reverse tunnels and URL shortening services

by ITECHNEWS
June 6, 2022
in Infosec, Leading Stories
0 0
0
Evasive phishing mixes reverse tunnels and URL shortening services

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.

This practice deviates from the more common method of registering domains with hosting providers, who are likely to respond to complaints and take down the phishing sites.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through the external service. Using a URL shortening service, they can generate new links as often as they want to bypass detection.

Many of the phishing links are refreshed in less than 24 hours, making tracking and taking down the domains a more challenging task.

Service abuse

Digital risk protection company CloudSEK observed an increase in the number of phishing campaigns that combine services for reverse tunneling and URL shortening.

In a report the company shared with BleepingComputer, researchers say they found more than 500 sites hosted and distributed this way.

The most widely abused reverse tunnel services that CloudSEK found in their research are Ngrok, LocalhostRun, and Cloudflare’s Argo. They also saw Bit.ly, is.gd, and cutt.ly URL shortening services being more prevalent.

Reverse tunnel services shield the phishing site by handling all connections to the local server it is hosted on. This way, any incoming connection is resolved by the tunnel service and forwarded to the local machine.

The modus operandi of the phishing actors
The modus operandi of the phishing actors (CloudSEK)

Victims interacting with these phishing sites end up with their sensitive data being stored directly on the attacker’s computer.

By using URL shortners, the threat actor masks the name of the URL, which is typically a string of random characters, CloudSEK says. Thus, a domain name that would raise suspicions is hidden in a short URL.

According to CloudSEK, adversaries are distributing these links through popular communication channels like WhatsApp, Telegram, emails, text, or fake social media pages.

It is worth noting that misuse of these services isn’t new. For example, Cyble presented evidence of Ngrok abuse in February 2021. However, as per CloudSEK’s findings, the problem is getting worse.

Detected cases

One example of a phishing campaign abusing these services that CloudSEK detected was impersonating YONO, a digital banking platform offered by the State Bank of India.

YONO phishing site hosted locally
YONO phishing site hosted locally (CloudSEK)

The URL defined by the attacker was hidden behind “cutt[.]ly/UdbpGhs” and led to the domain “ultimate-boy-bacterial-generates[.]trycloudflare[.]com/sbi” that used Cloudflare’s Argo tunneling service.

This phishing page requested bank account credentials, PAN card numbers, Aadhaar unique identification numbers, and mobile phone numbers.

CloudSEK did not share how effective this campaign was but highlights that threat actors are rarely using the same domain name for more than 24 hours, although they do recycle the phishing page templates.

“Even if a URL is reported or blocked, threat actors can easily host another page, using the same template” – CloudSEK

Sensitive information collected this way can be sold on the dark web or used by the attackers to empty banking accounts. If the data is from a company, the threat actor could use it to launch ransomware attacks, or business email compromise (BEC) fraud.

To protect against this type of threat, users should avoid clicking on links received from unknown or suspicious sources. Typing a bank’s domain name in the browser manually is a good method to prevent being exposed to a fake website.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Evasive phishing mixes reverse tunnels and URL shortening services
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version