Security News > 2020 > May > Google, Microsoft most spoofed brands in latest phishing attacks
2020-05-28 12:19
In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials.
The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent.
Among the nearly 100,000 form-based attacks that Barracuda detected over the first four months of 2020, Google file sharing and storage sites were used in 65% of them.
Microsoft brands were spoofed in 13% of the attacks, exploiting such sites as onedrive.
Beyond Google and Microsoft, other sites spoofed in these attacks were sendgrid.net, mailchimp.com, and formcrafts.com.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)