• DummiesHub believe in censorship free world
  • You will find here everything that can't find anywhere!
  • Sign Up Now!
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Phishing using surveying site!

In this case, the attacker used surveygizmo.com[1] which offers you to build an online presence for surveys or feedback forms. Most of these websites are paid services but offer free trials. Enough to build a phishing campaign.
The generated link is sent to the victim as usual with some social engineering. Here is an example of the link:
hxxps://www[.]surveygizmo[.]com/s3/5485786/Invoice-4982550The landing page looks like this:
[Image: isc-20200305-1.png]
(Note the typo "your o email")
And, once you provided your credentials, the survey immediately ends with this screen:
[Image: isc-20200305-2.png]
The attacker just needs to login on his account to access data submitted by victims… You don’t need to deploy or hack a server to host the phishing page, you just use free resources provided by a cloud service. Pretty clever… And, if you’re ready to pay a small fee, you can even build self-branded surveys to increase the chances to lure victims.
In The Name of Lord Rama

Forum Jump:

Users browsing this thread: 1 Guest(s)