Here’s What ChatGPT and Netskope’s Inline Phishing Detection Have in Common

Netskope’s DL-IPD Inline Phishing Detection Engine uses deep learning to inspect real web content in real time, addressing the limits of offline blocklists and static detectors. The post showcases patient-zero and evasive phishing examples (credential theft, health scams, malicious adware) and explains how dynamic content, obfuscation, and image-based pages can evade traditional detectors, while DL-IPD learns patterns to block such pages.
#CTTCorreiosdePortugal #Netskope #DLIPD #InlinePhishingDetection #HealthScam #MaliciousAdware #JavaScript #Base64

Key points

  • Netskope introduces DL-IPD, a deep learning-based engine that inspects live web content to block phishing in real time and complements offline analyzers and blocklists.
  • The model continuously learns phishing page behavior to identify patient-zero campaigns and evasive attacks that other detectors miss.

MITRE Techniques

  • [T1059.007] JavaScript – Attackers may use JavaScript to dynamically generate phishing content; “Attackers may use JavaScript to dynamically generate the phishing page on the fly. This means that the phishing page is not visible in the page source code, making it harder for detection tools to accurately detect the page. The following phishing page detected by Netskope uses JavaScript to add all the DOM elements after getting loaded on the victim’s browser.”
  • [T1132] Data Encoding – Use of Base64-encoded images to render the login form, hiding the HTML structure; “The entire HTML code of this page consists of a Base64 encoded image rendered in the background as an authentication form.”
  • [T1566] Phishing – Credential theft phishing pages designed to look like legitimate sites to harvest login and payment data; “Credential theft phishing pages are designed to look like legitimate websites, such as online services or e-commerce websites, and trick users into entering their login credentials and credit card information.”
  • [T1566] Phishing – Evasive or cloaked phishing techniques (e.g., cloaking, URL rotation, obfuscation, dynamic code generation) to bypass detectors; “Phishing attacks are becoming more sophisticated with the use of cloaking, URL rotation, obfuscation, and dynamic code generation.”
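The T1059.007 and T1132 items above describe pages whose raw source contains almost nothing a static detector can read. The following is an added example, not code from Netskope or the original post: a small triage check that flags such responses so they can be routed to rendered-DOM or image analysis. The thresholds, flag names and sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Base64 image payloads inside src=/style= values and <style> blocks.
DATA_IMG = re.compile(r"data:image/[\w.+-]+;base64,([A-Za-z0-9+/=\s]+)")

class Scan(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = self.script = self.inputs = self.b64 = 0
        self.inside = None  # "script" or "style" while inside that element

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.inside = tag
        if tag in ("form", "input"):
            self.inputs += 1  # credential fields present in the static markup
        for name, value in attrs:
            if tag == "script" and name == "src":
                self.script += 1  # external script: content unknown statically
            elif value and name in ("src", "style"):
                self.b64 += sum(len(m) for m in DATA_IMG.findall(value))

    def handle_endtag(self, tag):
        if tag == self.inside:
            self.inside = None

    def handle_data(self, data):
        if self.inside == "script":
            self.script += len(data.strip())
        elif self.inside == "style":
            self.b64 += sum(len(m) for m in DATA_IMG.findall(data))
        else:
            self.text += len(data.strip())  # text a static detector can read

def static_signals(html, min_text=40, min_b64=2000):  # assumed thresholds
    """Return flags for pages whose source hides what the user will see."""
    s = Scan()
    s.feed(html)
    s.close()
    flags = set()
    if s.text < min_text and s.b64 >= min_b64:
        flags.add("image-rendered-page")   # needs OCR / visual analysis
    elif s.text < min_text and s.inputs == 0 and s.script:
        flags.add("script-built-dom")      # needs inspection after rendering
    return flags

# Constructed sample pages (not taken from any real campaign).
IMAGE_PAGE = '<body style="background:url(data:image/png;base64,%s)"></body>' % ("QUJD" * 1000)
SCRIPT_PAGE = '<body><div id="root"></div><script>render(document.getElementById("root"));</script></body>'
NORMAL_PAGE = '<body><h1>Sign in</h1><p>Enter the e-mail address and password for your account.</p><form><input name="user"></form></body>'
```

A flag here is a routing decision, not a verdict: single-page applications legitimately build their DOM in script, so flagged pages still need content-level classification.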

Indicators of Compromise

  • [URL] – sample phishing-related URLs and domains used in campaigns – http://lsodeo[.]dbe[.]gov[.]mm/wp-admin/.Adminser/CTT/signin[.]php, http://lsodeo[.]dbe[.]gov[.]mm/wp-admin/.Adminser/CTT/wallet[.]php?a8475af7b320248b7381898ca5fbe81485268095, and 6 more URLs

Read more: https://www.netskope.com/blog/heres-what-chatgpt-and-netskopes-inline-phishing-detection-have-in-common