HC3 TLP Clear: Sector Alert Identifying and Mitigating Threats from Fraudulent Websites in HPH Sector

Executive Summary

Thousands of fraudulent websites with links to credential-harvesting e-mails or text messages are built every day to try to lure visitors into giving away personal and financial information, buying products that do not exist, or downloading malware that disrupts devices and data. The impact is compounded when it adversely affects victims in the health and public health (HPH) sector, often due to the sensitivity of the data. This threat briefing examines different examples of fake websites, ways to identify and report them, and recommendations for how to avoid becoming an accidental victim.

Fraudulent Login Websites Explained

A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequently, fake login pages can be highly effective in their end goal: credential theft.

How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more.

Developing fake login pages is trivial, as many bad actors sell premade sites on the dark web. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, making it more difficult for consumers to recognize their fraudulent schemes.

Examples of Fraudulent Websites

There is no shortage of examples of different types of fake login pages from previous and current successful attempts by scammers, but below are a few notable ones:

  • Online stores that advertise incredible deals but steal payment information or trick visitors into buying fraudulent or nonexistent products
  • Pages that look like the login pages to services or popular websites
  • Sites with malicious pop-ups that can download malware to steal sensitive information
  • Healthcare or health insurance sites that swipe medical data by asking users to verify account information
  • Package delivery websites that ask users to verify their personal information or trick them into giving up their credit card numbers
  • Airfare booking sites that steal personal information such as passport or credit card numbers or sell fake tickets

View the detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272