
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Abstract:

Traditional phishing schemes send emails to any address they can obtain, without checking whether the account is valid. This leads to a much lower success rate in obtaining credentials that are valid and usable. This new technique, precision-validating phishing, uses real-time email validation to ensure that only a few selected high-value targets see the fake login screens typical of phishing attacks. Instead of bulk-sending spam email to collect login information in an unordered fashion, this tactic targets only email addresses that have been checked and validated and that meet three criteria: “active, legitimate, and high value”. The attack works by prompting the victim to enter their email address on the phishing page, after which the address is validated against the database. If the email is in the database, the bogus landing page is displayed; otherwise, the victim sees an error on the page or is redirected to an unaffected page. These database checks are performed by integrating an API-based or JavaScript-based validation step, which confirms that the email address exists in the database before the password-capturing step.

Author:
Ravie Lakshmanan
Year:
2025
MIT Political Science
ECIR
GSS