Security News > 2020 > May > Cybercrooks tend to prefer Google-branded phishing to Microsoft-flavoured lures
Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks.
The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.
"Of the nearly 100,000 form-based attacks Barracuda detected between January 1, 2020, and April 30, 2020, Google file sharing and storage websites were used in 65 per cent of attacks. This includes storage.googleapis.com, docs.google.com, storage.cloud.google.com, and drive.google.com," said Barracuda in a statement.
The firm's Steve Peake opined: "With more people than ever working from home, it's no surprise that cyber criminals are taking the opportunity to flood people's inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users."
Once clicked, the app behind the link scraped contact information from the user's device and automatically sent emails to spread the attack.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/28/google_branded_phishing/
Related news
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)