Cyren Security Blog

Point, Click and Hack — Phishers Try Wix

Wix allows anyone to create a free website with simple point, click and drag formatting. Of course, “anyone” can include phishers and malware distributors, and we at the Cyren Security Lab discovered earlier this week just such abuse of a Wix page targeted at Office 365 users, the subject of this article in InfoWorld. Once we notified Wix, they immediately removed the page, but it’s a critical reminder that a “no trust” philosophy is paramount when it comes to web security, even (and especially) when accessing a brand you trust, like Wix.

The advantages for the phisher of using Wix are:

  • Free hosting of the phishing page
  • Because the domain is very popular, it isn’t blocked by many URL filtering and web security products

The phishing site, which targeted Office 365 users, was very simple and did not use phishing-related terms. We believe this was done on the assumption that Wix would scan for such terms and take down the site.

Wix phishing page for O365 users

As shown above, the phishing site consisted of a screenshot of an Office 365 login page with login fields overlaid on the screenshot. There is, therefore, no text on the page relating to Microsoft or Office 365 – it’s all image-based. Also, the password field is actually spelled with two “v”s, as in “passvvord”. The separation of the image and the fillable phishing fields is clearly shown when accessed on a mobile device:

Mobile screenshot of Wix phishing page
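The two traits described above (login fields over an image with no real text, and a look-alike spelling such as “passvvord”) can be checked with a simple content heuristic. The following is an added example, not Cyren's detection logic; the function names, keyword list, substitution table, thresholds and both HTML samples are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Look-alike substitutions undone before matching (illustrative, not exhaustive).
LOOKALIKES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]
KEYWORDS = ("password", "passwd", "sign in", "login")
# Constructed samples: a screenshot-style page and an ordinary login page.
PHISH = ('<body><img src="bg.png"><form><input type="text" name="email">'
         '<input type="password" placeholder="Passvvord"></form></body>')
BENIGN = ('<body><h1>Welcome back to the Example Store customer portal</h1><img src="logo.png">'
          '<form><label>Password</label><input name="user"><input type="password" name="pw"></form></body>')

def fold(s):
    s = s.lower()
    for fake, real in LOOKALIKES:
        s = s.replace(fake, real)
    return s

class PageScan(HTMLParser):
    """Collects visible text, form-field hints, and input/image counts."""
    def __init__(self):
        super().__init__()
        self.text, self.hints, self.inputs, self.images, self._skip = [], [], 0, 0, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "img":
            self.images += 1
        elif tag == "input" and a.get("type", "text") != "hidden":
            self.inputs += 1
            self.hints += [a.get(k) or "" for k in ("name", "placeholder", "aria-label")]
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def score_page(html):
    p = PageScan()
    p.feed(html)
    visible = " ".join(" ".join(p.text).split())
    labels = " ".join(p.hints + [visible]).lower()
    # A keyword that appears only after folding was deliberately misspelled.
    findings = ["disguised-term:" + k for k in KEYWORDS
                if k in fold(labels) and k not in labels]
    # Assumed thresholds: fields over an image with under 40 chars of real text.
    if p.inputs >= 2 and p.images >= 1 and len(visible) < 40:
        findings.append("image-only-login")
    return findings
```

Calling `score_page(PHISH)` reports both findings, while `score_page(BENIGN)` returns an empty list because the page spells its label normally and carries ordinary visible text.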

Cyren Web Security and URL filtering users are protected from this and similar threats. Evidently, web platform service providers need to be vigilant and constantly review opportunities to enhance security for their customers and those customers’ users.
