Security News > 2022 > June > Evasive phishing mixes reverse tunnels and URL shortening services
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.
With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through the external service.
Using a URL shortening service, they can generate new links as often as they want to bypass detection.
Digital risk protection company CloudSEK observed an increase in the number of phishing campaigns that combine services for reverse tunneling and URL shortening.
The most widely abused reverse tunnel services that CloudSEK found in their research are Ngrok, LocalhostRun, and Cloudflare's Argo.
Reverse tunnel services shield the phishing site by handling all connections to the local server it is hosted on.