Cybersecurity researchers at Cofense have discovered a sharp rise in hackers using the web development platform Vercel to launch high-quality scams. In a report shared with Hackread.com, the firm explained that scammers are now using Generative AI (GenAI) to build fake websites that are almost impossible to distinguish from real ones.
According to researchers, by using Vercel’s Generative UI system, v0.dev, even scammers with very little technical skill can now create pages that copy the look and feel of major brands.
The process is fast and cheap. Researchers noted that in the past, building a fake site required manual work, but now, GenAI allows minimally skilled scammers to create high-quality traps that were once only possible for advanced groups.
How Hackers Use the Cloud
Vercel is a legitimate cloud platform for web developers, but it is easy for hackers to join. There is a free version and a pro version for $20 a month. These accounts allow threat actors to host their pages online without managing their own servers, and they can quickly set up a new page in case of seizure, since the AI creates a slightly different version each time.
“With Vercel’s hosting capabilities, attackers no longer have to maintain their own phishing website or recreate their whole server structure if the site gets taken down or removed. Even if the website created using Vercel’s v0.dev is taken down, nothing is stopping the attacker from creating a brand-new website using what they have learned from their previous mistakes,” Cofense threat intelligence researchers explained in the blog post.
Further investigation revealed that hackers are also linking these sites to Telegram. When a victim enters their details into a fake login screen, a Telegram bot API sends that data to the hacker in real-time. This automated deployment interface allows scammers to monitor their victims without needing to maintain their own complex servers.
Real Examples of the Threat
The team at Cofense has tracked several campaigns in their database of Active Threat Reports (ATR). Some key findings include:
- Nike Job Scams (ATR 406705): A fake recruitment page is created mimicking Nike to trick people into scheduling an interview via fake Google or Facebook logins.
- Adidas Hiring Lure (ATR 403225): Posing as Adidas hiring managers for executive roles, scammers use Telegram bots to steal credentials in real time.
- Microsoft and Spotify (ATR 402228 & 385870): Hackers copied the exact logos and colours of these brands to steal login info and credit card numbers.
A New Normal for Cyber Defences
Researchers noted that because GenAI doesn’t make the typical spelling mistakes we used to look for, the new normal for security is much more difficult. They suggest that users should always check the actual website address (URL) and report any suspicious Vercel-hosted pages directly to the company for removal.
