If many people can detect simple phishing emails these days, some attacks are very well crafted and also have built-in techniques not only to ensure that potential victims will fall into the trap but there is another aspect. From an attacker’s point of view, how to improve the quality of collected data?

I found multiple phishing pages that ask for passwords twice. When the victim submits his/her credentials, an error message is always displayed stating that the credentials are invalid. What's your reflex in such a case? You pay attention to what you type and you type slowly to avoid typos. When you submit your credentials for the second time, the attacker will record them, hoping they will be relevant!

This technique provides multiple advantages to the attacker:

• If the victim submits twice his/her password, it probably did not detect the fake login page
• People will pay attention to the second attempt, increasing the password quality
• The attacker may compare the two passwords and see if they are the same, and more interesting.

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key