Security News > 2022 > August > How phishing attacks are exploiting Amazon Web Services
How phishing attacks are exploiting Amazon Web Services.
Cybercriminals prefer to use legitimate sites and services in their phishing scams, not just to trick unsuspecting victims but to sneak past security scanners that would otherwise block traffic from a suspicious site.
In a report released Thursday, email security provider Avanan describes a new phishing campaign that takes advantage of Amazon Web Services.
How attackers are using AWS. In the scheme analyzed by Avanan, cybercriminals have been building phishing pages on AWS. By sending a link to such a page through a phishing email, the scammers are able to bypass security tools and convince the recipient to share credentials for sensitive accounts.
Impersonating Microsoft, complete with a Microsoft logo, the phishing email claims that the user's password will expire today and prompts them to click on a button to keep the same password.
As a prominent website and service, Amazon Web Services will always be on the Allow list, letting the phishing email reach the user's inbox.
News URL
https://www.techrepublic.com/article/how-phishing-attacks-are-exploiting-amazon-web-services/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)