Security News > 2020 > May > Google, Microsoft most spoofed brands in latest phishing attacks
2020-05-28 12:19
In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials.
The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent.
Among the nearly 100,000 form-based attacks that Barracuda detected over the first four months of 2020, Google file sharing and storage sites were used in 65% of them.
Microsoft brands were spoofed in 13% of the attacks, exploiting such sites as onedrive.
Beyond Google and Microsoft, other sites spoofed in these attacks were sendgrid.net, mailchimp.com, and formcrafts.com.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft Bing shows misleading Google-like page for 'Google' searches (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)