Holiday season exploited by new phishing kit

North Americans shopping online are being subjected to a new sophisticated phishing kit with detection aversion techniques that leverages holiday-focused lures since September, BleepingComputer reports. Attackers using the new phishing kit have been sending emails looking to lure potential victims with a prize-winning opportunity, with the messages including links using URL shorteners that redirect to phishing pages, an Akami report revealed. Popular cloud services, such as Google, Microsoft Azure, and Amazon Web Services, have been exploited by attackers to evade detection, while several brands, including Costco and Delta Airlines, have been impersonated in an effort to establish legitimacy. Fake user testimonials on received prizes have also been created by the attackers to more effectively lure victims, according to the report, which also showed that U.S. and Canadian users accounted for nearly 89% of individuals landing on the phishing domains. The findings also showed the phishing kit's usage of a token-based system that enables victim redirection to unique URLs.