Empowering security: the battle against Login Spoofing

Introduction

Battling cyber-crime can sometimes feel like an endless tennis rally where the cybercriminals relentlessly attack, and you are constantly defending, often just keeping the ball in play. But what if you could take the upper hand and have a chance at hitting back with a winning shot?

The current evolution of cyber threats demands innovative solutions to safeguard organisations. As cybercriminals continue to exploit vulnerabilities, phishing attacks have seen an increase in both quantity and complexity. One particularly insidious form of credential phishing is Microsoft login page spoofing, which is itself an example of EvilProxy - a topic we discussed in an earlier blog. But it goes further than just spoofing a page with an amateur UI. This technique copies and loads a pixel-perfect version of the page AND bypasses MFA, a man-in-the-middle approach that can result in a full-blown takeover of the victim’s account by the attacker. We’ve seen it emerge as a significant threat, prompting our dedicated team to develop a ground-breaking solution, aimed at fortifying your defences.

Understanding the rise of Login Spoofing

Phishing attacks have become increasingly sophisticated, preying on unsuspecting users who may unwittingly share sensitive information. Microsoft SSO is one of the most widely used single sign-on services, which makes it a potent attack vector. Microsoft login page spoofing involves malicious actors creating deceptive, carbon-copy login pages, tricking users into sharing their credentials. Recognising the gravity of this growing threat, our team has crafted an innovative tool designed not only to detect such malicious attempts but also to empower users with visual cues that stop phishing attacks in their tracks.

The inner workings of Eye Security

Eye Anti-Spoofing Tool (EAST) is our advanced cybersecurity solution, tailored to combat Microsoft login page spoofing. The tool operates during the sign-in process, using a custom CSS file to customise the appearance of the sign-in box. As the user interacts with the login page, Eye Security's servers adapt their response based on the HTTP Referer header, distinguishing between legitimate and malicious pages and adding a visual cue accordingly. The custom CSS file will load a version of the login screen - hosted by Eye Security - containing a warning when the user is attempting to log in to an unrecognised domain. When the user accesses the legitimate Microsoft domain, a login page will load showing a green check box with the message: 'login screen verified'. This ensures that users are alerted if they encounter a credential phishing attempt, fortifying the security perimeter.
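
The server-side Referer decision described above, as an added Python example; it is not Eye Security's implementation. The allowlisted host, the asset names, the neutral badge for a missing Referer, the cache headers and the alert record are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts accepted as the genuine sign-in origin. The article only
# says "the legitimate Microsoft domain"; adjust this set for your tenant.
LEGITIMATE_HOSTS = frozenset({"login.microsoftonline.com"})

# Hypothetical asset names for the badges the custom CSS can pull in.
ASSETS = {"verified": "verified.png", "unrecognised": "warning.png",
          "absent": "neutral.png"}


def classify_referer(referer):
    """Return (verdict, host); verdict is 'verified', 'unrecognised' or 'absent'."""
    if referer is None or not referer.strip():
        return "absent", None
    try:
        parts = urlsplit(referer.strip())
        # .hostname drops userinfo and port and lower-cases the name, so a
        # value like "https://good.host@other.example/" yields other.example.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "unrecognised", None
    if parts.scheme != "https" or not host:
        return "unrecognised", host or None
    # Exact match only: suffix or substring tests would accept lookalike hosts.
    return ("verified" if host in LEGITIMATE_HOSTS else "unrecognised"), host


def respond(referer):
    """Return (asset, headers, alert) for one request for the badge image."""
    verdict, host = classify_referer(referer)
    # The verdict depends on the requesting page, so the response must never
    # be reused from a cache that was filled by a different page.
    headers = {"Cache-Control": "no-store", "Vary": "Referer"}
    alert = None
    if verdict == "unrecognised":
        # Constructed alert record; a deployment would forward this to
        # whatever system notifies the security team.
        alert = {"event": "login_css_loaded_from_unrecognised_origin",
                 "referer_host": host}
    return ASSETS[verdict], headers, alert


if __name__ == "__main__":
    # Constructed sample Referer values, not taken from real traffic.
    for sample in ("https://login.microsoftonline.com/common/login",
                   "https://login.microsoftonline.com.signin.example/", None):
        print(sample, "->", respond(sample)[0])
```
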

User alert mechanism

Imagine a scenario where an employee encounters a malicious phishing page disguised as a legitimate Microsoft login. Thanks to Eye Security, users are promptly alerted after entering their username, but crucially, before entering their password. Visual cues, as shown in the screenshot below, serve as a warning, disrupting the phishing attack and preventing you or your colleagues from accidentally sharing sensitive information. Along with hundreds of other daily risk checks, you will also be notified in the Eye Portal, where you can see the recommendation.

[Screenshot: Eye Security Login Spoofing EAST tool]

A video we shared a few weeks ago demonstrated this in full. It was an iterative process, based on great ideas from Zolder BV. We researched their approach to generating insights into Adversary-in-the-Middle (AitM) phishing kits and how to detect them, and experimentation by our team of security experts then led to this new and innovative approach.

Tennis may be a one-on-one game, but inspiration from other players, and iterative collaboration within teams, leads to a better chance of winning.

Feel free to contact our support team for any help or questions you may have. Our customers’ security is our top priority and we're here to support you every step of the way.

Published on February 12, 2024
