Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners to Launch Large-Scale Phishing Campaigns

CloudSEK's contextual AI digital risk platform XVigil has identified a surge in phishing sites hosted using reverse tunnel services. In this report, we delve into how threat actors use reverse tunnel services, along with URL shorteners, to orchestrate widespread campaigns, without leaving any traces.

Threat Actors Can Now Launch Untraceable Phishing Campaigns

Reverse tunnel services usher in a new era of phishing by making it easier for threat actors to stay under the radar.

• Threat actors can host phishing pages from their local machine and generate URLs with random names that cannot be detected by regular domain name scanning services.
• URL shorteners to further obfuscate the random domain names and evade detection.
• Since the URLs stay live only for 24 hours, it becomes difficult to track groups and their activities.
• There are no policies that mandate the service providers to monitor or takedown malicious URLs.

‍