Creating phishing sites that look similar to real websites is a classic attack. What is interesting about reviewing a current version of this attack is how attackers are incorporating new techniques via AI. Rather than cloning a website, they are using AI to generate the fake landing pages making it harder to detect it is a malicious source. The good news is classic defenses such as reputation security (more on this can be found HERE), still prevent this type of threat. The basic concept is if a website hasn’t been online, seems very targeted, hosted from a random provider, etc etc etc … it is likely a phishing website. So if the “credit score” is low, block it.
See more details about this recent phishing campaign against Lowes HERE.