By George Mack, Content Marketing Manager, Check Point.

ClickFunnels is a platform that provides entrepreneurs and small businesses with the tools needed to create online sales funnels.

ClickFunnels’ tools include landing pages, which are designed to capture the information of potential customers; video sales pages, which host videos that are designed to sell; checkout systems, which streamline the process of completing a purchase; and more.

The service has exploded in growth, becoming a $100 million business in just 5 years.

As a result, online customers around the world have come to trust the classic look and feel of a ClickFunnels page.

An example of a ClickFunnels landing page. (Image credit: ClickFunnels)

Unfortunately, hackers have found a way to hijack the brand’s authority, using the service for malicious purposes. By creating web pages with malicious links, they are able to bypass traditional security services. In this article, researchers from Avanan, a Check Point company, will discuss how threat actors are exploiting this legitimate service for their own malicious ends.

The attack

In this attack, hackers create pages in ClickFunnels that contain links redirecting people to malicious pages. The goal of these pages is to harvest account credentials.

For example, the email below, written in Italian, asks the user to review a file by going to a page and clicking the link. Because AVG is one of the most popular free antivirus software programs in the world, there’s a decent probability that the victim reading the email uses AVG, which increases the chances that he or she will fall for the scam.

Email impersonating the AVG brand. (Image credit: Avanan)
A fake OneDrive page that directs users to a malicious PDF download. (Image credit: Avanan)

Clicking “Get Document” directs the user to a malicious PDF file that harvests the user’s credentials.

The technique used

In this attack, the hacker uses a technique known as “The Static Expressway.” This involves using legitimate sites to host and deliver malware.

Wrapping malware in a legitimate cover lets threat actors bypass traditional security systems.

For example, VirusTotal, an online file scanner, can have difficulty catching malware that uses this technique.

VirusTotal scan with zero discoveries of malware. (Image credit: Avanan)

Security systems have trouble catching this because ClickFunnels is deemed a safe service. And for the vast majority of pages using ClickFunnels, it is. Unfortunately, this doesn’t prevent hackers from using it for nefarious purposes.

Threat actors have done this repeatedly – taking advantage of services such as AWS, Microsoft Voice, and Facebook. It’s a powerful method to deliver malware into the inbox because security services can’t completely ban legitimate sites.
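The gap described above can be narrowed with a content-aware check. The following is an added example, not code from Avanan or Check Point: it contrasts a reputation-only verdict with a heuristic that flags links to a user-publishable platform when the email claims an unrelated brand. The domain lists, function names and both sample emails are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: illustrative lists, not a vendor feed.
TRUSTED_DOMAINS = {"clickfunnels.com"}     # what a reputation filter considers safe
USER_CONTENT_HOSTS = {"clickfunnels.com"}  # platforms where anyone can publish a page
BRAND_DOMAINS = {"avg": {"avg.com"},
                 "onedrive": {"microsoft.com", "live.com", "sharepoint.com"}}

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "AVG Antivirus" <notice@mail.example>\nSubject: Documento da rivedere\n\n'
         "Apri il file: https://constructed-sample.clickfunnels.com/doc\n")
BENIGN = ("From: Webinar Team <team@shop.example>\nSubject: Your signup page\n\n"
          "Register here: https://constructed-benign.clickfunnels.com/webinar\n")

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def reputation_only(url):
    """Verdict of a filter that looks only at the reputation of the link's host."""
    host = (urlsplit(url).hostname or "").lower()
    return "allow" if in_domains(host, TRUSTED_DOMAINS) else "inspect"

def assess(raw_email):
    """Flag links to user-content platforms when the mail claims an unrelated brand."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = f"{msg.get('From', '')} {msg.get('Subject', '')} {body}".lower()
    brands = {b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)}
    findings = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower()
        if not in_domains(host, USER_CONTENT_HOSTS):
            continue
        # The claimed brand should own the link target; a page builder does not.
        mismatched = sorted(b for b in brands if not in_domains(host, BRAND_DOMAINS[b]))
        if mismatched:
            findings.append({"url": url, "host": host, "claimed_brands": mismatched})
    return findings

if __name__ == "__main__":
    print(reputation_only("https://constructed-sample.clickfunnels.com/doc"))
    print(assess(PHISH))
    print(assess(BENIGN))
```

A flagged link is a candidate for landing-page inspection or sandboxing rather than an automatic block, since most pages on the platform are legitimate.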

What email security solution should you use?

Check Point’s Harmony Email & Collaboration security solution is an invaluable tool for businesses of all sizes. It provides comprehensive protection against the latest email threats, such as phishing, malware, and ransomware. It also includes advanced analytics to detect and respond to suspicious activity. In addition, Harmony helps businesses comply with data privacy regulations, such as GDPR and HIPAA. With its advanced security features, Harmony Email & Collaboration can help businesses protect their data and ensure compliance with regulations.
