Threat Watch

Threat Actors Use ClickFunnels to Bypass Security Services

Threat actors have been spotted using the legitimate ClickFunnels service to bypass security services and redirect users to malicious links. ClickFunnels is an online service that helps entrepreneurs and small businesses generate leads, build marketing engines, and grow their businesses. More specifically, threat actors have been exploiting ClickFunnels’ ability to create pages with malicious links and ultimately conduct credential-harvesting attacks.

“We talk constantly about ‘The Static Expressway.’ This is the practice of leveraging legitimate sites to host and send malicious pages,” Avanan marketing content manager Jeremy Fuchs wrote in a recent advisory. “Essentially, it’s a way of hiding malicious intent in something legitimate.”

ClickFunnels is a case in point: it is a platform generally trusted by security engines, so links delivered through its emails manage to bypass email protection solutions.

“We’ve seen this time and time again. Whether it’s using AWS, Microsoft Voice, or Facebook, this is a powerful way to get into the inbox,” Fuchs added. “It utilizes the fact that security services can’t outright ban popular sites. Hackers then hop on the back of these to get into the inbox and scam users.”


Analyst Notes: All users are advised to be extremely suspicious of any link contained in an email. It is recommended to manually check URLs for legitimacy before clicking on them and to contact the sender of the email directly to verify that they meant to use a specific site to send documents.