{"id":22445,"date":"2025-05-23T20:57:08","date_gmt":"2025-05-23T23:57:08","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=22445"},"modified":"2025-05-23T21:11:58","modified_gmt":"2025-05-24T00:11:58","slug":"phishing-validam-e-mails-em-tempo-real","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/05\/basico\/phishing-validam-e-mails-em-tempo-real\/","title":{"rendered":"Phishing attacks validate e-mails in real time"},"content":{"rendered":"\n\n\n<p><strong>Precision phishing: how modern attacks validate e-mails in real time and how to defend against them<\/strong><\/p>\n<p><strong>The new era of targeted phishing<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">Phishing attacks have evolved beyond generic &#8220;spray-and-pray&#8221; campaigns. Cybercriminals are now adopting sophisticated\u00a0<strong>real-time validation<\/strong>\u00a0techniques to ensure that only victims with valid, high-value e-mail addresses are sent to fake login pages. This method, called\u00a0<strong>&#8220;precision-validating phishing&#8221;<\/strong>, drastically increases the effectiveness of the attacks and makes detection by automated security tools harder.<\/p>\n<p class=\"ds-markdown-paragraph\">In this article, we will explore:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">How precision phishing works<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\">Advanced evasion techniques used by criminals<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\">Defense strategies for companies and users<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>1. 
How real-time validation phishing works<\/strong><\/p>\n<p><strong>The attack flow<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Collection of pre-selected e-mail addresses<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">Criminals use leaked databases or enumeration attacks to obtain valid e-mail addresses from target companies.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Phishing page with validation<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">The victim opens a malicious link that looks legitimate (e.g., a notification of a file available for download).<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">When the victim enters an e-mail address, a script (JavaScript or a hidden API) checks whether it is on the list of pre-selected targets.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Smart redirection<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\"><strong>If the e-mail address is valid:<\/strong>\u00a0The victim is sent to a fake login page (e.g., Microsoft 365, Google).<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\"><strong>If the e-mail address is invalid:<\/strong> The page returns an error or redirects to an ordinary site (e.g., Wikipedia), avoiding detection by security crawlers.<\/p>\n<\/li>\n<li style=\"text-align: justify;\"><em style=\"font-size: revert; color: initial;\">&#8220;This increases the efficiency of the attack, since only credentials for real accounts are collected.&#8221;<\/em><span style=\"font-size: revert; color: initial;\">\u00a0\u2014\u00a0<\/span><strong style=\"font-size: revert; color: 
initial;\">Cofense<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg9_TlHVTXl0MSNkxZJ5yg6uMoQsVF2hFYWwrK3HkSBXU9b2s1OROrAsZT-RB56ABbQKW8_x-9Oqa_q9EFpFvYGrzkIFXgPdLyOqsRiFxxaW9I8LRQ17N6o8MqYrGDpSz-bNrOh9kHE-Yy81A9uFfMlEwu61W94wvL-ReXht6VDojpcTOcBnEv1O2wzuvFQ\/s728-rw-e365\/phish.PNG\" width=\"583\" height=\"527\" \/><\/p>\n<p>\u00a0<\/p>\n<p><strong>2. Evasion techniques used by criminals<\/strong><\/p>\n<p><strong>A) Two-path traps (malicious PDF)<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">A recent example involved an e-mail that imitated a\u00a0<strong>file deletion notice from Files.fm<\/strong>. The link led to a PDF with two options:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>&#8220;View&#8221;<\/strong>: Redirected to a fake Microsoft login page.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\"><strong>&#8220;Download&#8221;<\/strong>: Downloaded an executable disguised as OneDrive that actually installed\u00a0<strong>ScreenConnect (ConnectWise)<\/strong> for remote access.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\"><em style=\"font-size: revert; color: initial;\">&#8220;The criminals created a trap in which any choice leads to compromise.&#8221;<\/em><span style=\"font-size: revert; color: initial;\">\u00a0\u2014\u00a0<\/span><strong style=\"font-size: revert; color: initial;\">Cofense<\/strong><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>B) Multi-stage attacks using legitimate tools<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Vishing + PowerShell + Quick Assist<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">A recent attack 
(associated with the\u00a0<strong>Storm-1811<\/strong> group) used:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Microsoft Teams<\/strong>\u00a0to deliver a malicious PowerShell payload.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Quick Assist<\/strong>\u00a0to gain remote access.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Signed binaries (TeamViewer.exe)<\/strong>\u00a0with malicious DLLs (TV.dll) for persistence.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>3. How to defend against precision phishing<\/strong><\/p>\n<p><strong>For companies<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\"><strong>Monitoring for suspicious redirects<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">Tools such as\u00a0<strong>Cisco Umbrella<\/strong>\u00a0or\u00a0<strong>Zscaler<\/strong>\u00a0can block phishing domains before they are accessed.<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\"><strong>Social engineering training<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">Simulate phishing attacks with tools such as\u00a0<strong>KnowBe4<\/strong>\u00a0to teach employees to identify fake e-mails.<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\"><strong>Behavioral analysis of logins<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">Solutions such as\u00a0<strong>Microsoft Defender for Identity<\/strong>\u00a0detect anomalous behavior involving credentials.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>For individual users<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\">\u00a0<strong>Always check the URL before entering credentials<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">Hover over links to see the real destination.<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\">\u00a0<strong>Use 
multi-factor authentication (MFA)<\/strong><\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\">Even if the password is stolen, MFA can block access.<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\"><strong>Be wary of files with suspicious options<\/strong><\/p>\n<ul>\n<li>If a PDF asks for a login or an unexpected download, do not interact with it.<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p><strong>Phishing is getting smarter, and defenses need to keep up<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\" style=\"text-align: justify;\">Phishing attacks are becoming\u00a0<strong>increasingly targeted and hard to detect<\/strong>, but with the right strategies it is possible to mitigate the risks:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Companies:<\/strong>\u00a0Invest in\u00a0<strong>training, traffic monitoring and MFA<\/strong>.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Users:<\/strong>\u00a0Adopt\u00a0<strong>safe habits<\/strong> and be wary of urgent communications.<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><em style=\"font-size: revert; color: initial;\">&#8220;The best defense is a combination of technology and awareness.&#8221;<\/em><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>Source and images: <a href=\"https:\/\/thehackernews.com\/2025\/04\/phishing-campaigns-use-real-time-checks.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2025\/04\/phishing-campaigns-use-real-time-checks.html<\/a><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Precision phishing: how modern attacks validate e-mails in real time and how to defend against them The new era of targeted phishing Phishing attacks have evolved beyond generic &#8220;spray-and-pray&#8221; campaigns. 
Cybercriminals are now adopting sophisticated\u00a0real-time validation\u00a0techniques to ensure that only victims with valid, high-value e-mails [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22455,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,105],"tags":[],"class_list":["post-22445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=22445"}],"version-history":[{"count":11,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22445\/revisions"}],"predecessor-version":[{"id":22457,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22445\/revisions\/22457"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/22455"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=22445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=22445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=22445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}