Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

How to scale phishing by using the cloud

Consider for a moment the stages involved in a traditional phishing attack:

  1. Create the phishing page – either buried within a legitimate site or hosted on some temporary server
  2. Send out carefully socially engineered phishing emails requiring login for some reason – including the link to the phishing page
  3. Collect data submitted to the page by deceived recipients for underworld purposes
  4. Do bad stuff

In a previous post we described how phishers improve stage 1 with free hosting by hiding their sites within legitimate sites. In the example below we have observed a further “streamlining” of stage 3 the phishing process. This attack targets users of HomeAway holiday rentals.

A look at the page source reveals that the filled in form is sent to “” and not collected directly by the phisher. offers a similar service to that found in the forms feature of Google docs – cloud-based form result collection and management. The site collects and stores all the responses to the “form” shown above and then emails a neat summary to the phisher (whose login name is “malek”).

In other words the phisher does not have to worry about creating/managing/storing back end form data collection and can more easily scale the harvesting of phished data.

Those duped into filling out the form will not be aware of this nuance. We would hope that the request for an “email address password” would raise red flags for some users and save them from the subsequent identity compromise.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...