JavaScript-Enabled Phishing Attacks: Unmasking the Deceptive Layers of Malicious Sites


In the digital age, over 76% of businesses reported falling victim to a phishing attack in the past year. One sophisticated method phishers use involves exploiting JavaScript, a popular programming language for web development. In this blog, we will explore JavaScript-enabled phishing attacks, and specifically, how JavaScript can be manipulated to display phishing content and, more alarmingly, redirect unsuspecting users to number generator gambling games.

Understanding JavaScript-Enabled Phishing Attacks

Phishing is a fraudulent attempt to obtain sensitive information by disguising oneself as a legitimate entity in electronic communications. Commonly, phishing attacks are conducted through emails, fake websites, or malicious advertisements.

JavaScript, a scripting language widely used to create dynamic and interactive web content, can be a double-edged sword. It can also be weaponized by cybercriminals to execute malicious activities.

In a typical JavaScript-enabled phishing attack, malicious actors embed JavaScript code into seemingly legitimate websites or emails. When a user visits the compromised site or clicks on a phishing link, the JavaScript code is executed. This can result in various malicious activities, such as displaying fake login pages, capturing keystrokes, or redirecting the user to fraudulent websites.

Bolster’s In-Depth Analysis

In research, we found that attackers are using JavaScript to hide their bad intentions. They make sure the malicious content only shows up under certain conditions, making it harder for security tools to catch them.

Advanced phishing attacks use JavaScript to change their approach based on the user’s environment. For example, in this phishing attack, the script can check the type of browser, operating system, or even location, and adjust the attack to be more convincing.

Based on our research, we have identified that this phishing attack is not limited to a single brand. Instead, it targets multiple well-known brands, including CamScanner, Taiwan Focus News, and EHE Health in the healthcare sector. Other prominent brands are also being targeted, highlighting the widespread nature of this threat.

Revealing phishing page targeting CamScanner, disabled JavaScript.
Revealing phishing page targeting CamScanner, disabled JavaScript.

Case Study: The Number Generator Gambling Game

Imagine receiving an email that appears to come from a reputable organization, urging you to click on a link to verify your account or claim a prize. Upon clicking the link, you’re taken to a website that looks legitimate at first glance. However, this site uses JavaScript to determine how to proceed. If JavaScript is enabled in your browser (as it typically is for most users), you’re redirected to a different page altogether—a number generator gambling game designed to entice and scam you further.

A Malicious page showing gambling content using name of Janes News (JavaScript Enabled).
A Malicious page showing gambling content using name of Janes News (JavaScript enabled).

Here’s a closer look at how this specific phishing attack unfolds:

1. Initial Contact: You receive an email that seems genuine. It might use branding and language similar to a company or service you trust. The email contains a link that urges immediate action, often invoking a sense of urgency or curiosity.

2. Link Clicked: When you click the link, you’re directed to a landing page. This page is crafted to look legitimate, with familiar logos and a professional design. However, this page contains hidden JavaScript code.

3. JavaScript Detection: The JavaScript code embedded in the page checks if your browser has JavaScript enabled. If JavaScript is disabled, the page might display a harmless message or a basic form that doesn’t reveal the true intent.

4. Redirect to Phishing Content: If JavaScript is enabled (again, as it is for most users), the script dynamically changes the content of the page. In this case, it redirects you to a number generator gambling game. The game is designed to appear engaging and potentially rewarding, encouraging you to participate.

5. Phishing Attempt: As you interact with the game, you might be prompted to enter personal information, such as your name, email address, or even payment details. The game might promise winnings or rewards, but its true purpose is to harvest your sensitive data.

6. Data Theft and Further Exploitation: The information you provide is sent directly to the attackers. They can use this data for various malicious purposes, such as identity theft, financial fraud, or selling your information on the dark web.

Janes News targeted by this phishing attack (JavaScript disabled)
Janes News targeted by this phishing attack (JavaScript disabled)

Consequences of JavaScript-Enabled Phishing Attacks

The repercussions of falling victim to JavaScript-enabled phishing attacks can be severe, impacting various sectors in profound ways. Here are some significant consequences:

Diplomatic Tensions Between Countries:

Phishing attacks targeting platforms like Janes, a leading source of military intelligence news, can lead to catastrophic outcomes. Fake news and misinformation spread through such platforms can further exacerbate international relations, causing conflicts and misunderstandings—potentially leading to unfriendly diplomatic tensions between countries.

Threats to Health Sector:

The health sector is another critical area vulnerable to phishing attacks. For instance, platforms like EHE Health, which handle sensitive patient information, are prime targets for cybercriminals. If users unknowingly input personal health information into phishing sites, it can lead to life-threatening situations. Attackers can misuse this data for malicious purposes, including identity theft, insurance fraud, or even selling the information on the dark web, putting patients’ lives at risk.

Phishing alert for EHE Health users
Phishing alert for EHE Health users

Protecting Yourself from These Attacks

While JavaScript-based phishing attacks can be highly deceptive, there are several steps you can take to protect yourself:

1. Be Wary of Unexpected Emails: Always be cautious of unsolicited emails, especially those requesting sensitive information or urging immediate action. Verify the sender’s email address and look for any signs of phishing.

2. Hover Before You Click: Before clicking on any link, hover over it to see the actual URL. If the link looks suspicious or does not match the expected destination, do not click it.

3. Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.

4. Use Updated Security Software: Ensure your antivirus and anti-malware software are up to date. These tools can help detect and block malicious scripts and websites.

5. Disable JavaScript: For maximum security, consider disabling JavaScript in your web browser. While this may reduce functionality on some websites, it can significantly lower the risk of JavaScript-based attacks.

6. Report Suspicious Activity: If you suspect you’ve encountered a phishing attempt, report it to the relevant authorities or scan it on CheckPhish. This helps in tracking and mitigating phishing threats.


JavaScript-enabled phishing attacks represent a significant threat in the digital world. By understanding how these attacks work and taking proactive steps to protect yourself, you can minimize the risk of falling victim to these sophisticated schemes.

Remember, staying vigilant and informed is your best defense against cybercriminals. Cybersecurity is a shared responsibility and by spreading awareness, we can collectively create a safer online environment. Stay safe, stay informed and always think before you click.