June 6, 2022

Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners to Launch Large-Scale Phishing Campaigns

CloudSEK's contextual AI digital risk platform XVigil has identified a surge in phishing sites hosted using reverse tunnel services. In this report, we delve into how threat actors use reverse tunnel services, along with URL shorteners, to orchestrate widespread campaigns, without leaving any traces.

Threat Actors Can Now Launch Untraceable Phishing Campaigns

Reverse tunnel services usher in a new era of phishing by making it easier for threat actors to stay under the radar.

  • Threat actors can host phishing pages from their local machine and generate URLs with random names that cannot be detected by regular domain name scanning services.
  • They use URL shorteners to further obfuscate the random domain names and evade detection.
  • Since the URLs stay live only for 24 hours, it becomes difficult to track groups and their activities.
  • There are no policies that mandate the service providers to monitor or take down malicious URLs.
