06/03/2020

Scammers target Google Docs and Microsoft Sway to steal user credentials

Technuter

Barracuda Networks, the trusted partner and leading provider for cloud-enabled security solutions, highlights the threat landscape in the month of May 2020. Barracuda researchers have identified a new type of brand impersonation attack that is disproportionately using Google-branded sites to trick victims into sharing login credentials. Of the nearly 100,000 form-based attacks detected between January 1 and April 30, 2020, Google file sharing and storage websites were used in 65 percent of attacks, making up 4 percent of all spear-phishing attacks in the first four months of 2020.

Amid the global pandemic, cybercriminals are evolving and a growing number of their campaigns are using the coronavirus as a lure to trick unfocused users by capitalising on their fear and uncertainty. In this type of brand impersonation attack, scammers leverage file, content-sharing, or other productivity sites like docs.google.com or sway.office.com to convince victims to hand over their credentials. They are performing credential theft in several ways.

The attackers are impersonating emails that appear to have been generated automatically by a legitimate file-sharing site such as OneDrive and takes their victim to a phishing site through a legitimate file-sharing site. Yet another tactic is creating an online form using legitimate services like forms.office.com. The forms resemble a login page of legitimate service, and the link to the form is then included in phishing emails to harvest credentials. These impersonation attacks are difficult to detect because they contain links pointing to legitimate websites that are often used by organizations.

Read more...