Endpoints and security gateway appliances use a variety of techniques to attempt to identify Phishing websites that are trying to steal login credentials from unsuspecting users.
A typical phishing website may appear to the average human to be a login page for a well-known service, such as Gmail, Dropbox or your cloud-hosted ERP system. Users who are tricked into visiting that website, by clicking a link in a fraudulent email for example, will very often be coerced into providing their login details to cyber-criminals if they attempt to login on the phishing website.
The first generation of phishing protection attempted to detect the copy of the well-known login pages being used against the wrong URL. For example, a copy of the GMail login page being loaded from a webserver on a domain name of “fakegmail.com”.
Security vendors will likely upgrade their systems to detect this new attack vector in the near future; however, this serves as a useful reminder of the boundless creativity of cyber-criminals and the danger of assuming the systems that protected your network effectively last month, are still as effective today.