[eliya_confiant]

Hi, author here. I liked this comment a lot and I can help to shed some light:

We do see phishing pages like this increasingly popping up with obfuscation. I think at this time less than a third are obfuscated, but this is gradually increasing. The thing is, most of the folks running these sites are likely not very technical. They buy the template from a vendor and plug in the config settings and just focus on driving traffic to the site - this happens through Discord & Twitter spam.

The thing with fraudsters and threat actors that play in this space is that at the end of the day it's a business and they want maximum reward for minimal effort. I think right now there's not a very aggressive takedown feedback loop with these phishing sites, but we are working to accelerate this and as this happens the perpetrators WILL need to rely more on obfuscation to try and thwart on the fly static detection. My guess is that eventually most of the logic will be server-side and cloaked as has happened with many other categories of phishing and fraud (particularly malvertising campaigns). Sooner or later the more amateur scam operators in this space will likely get shaken out by this acceleration of the cat and mouse game and only highly technical operators will be left.

With regards to the sites that we see obfuscated today, we are still able to do accurate attribution, as we've been specializing in the detection and blocking malicious client-side code for some time now.

Thanks again for your comment.