Security News > 2022 > August > How phishing attacks are exploiting Amazon Web Services
How phishing attacks are exploiting Amazon Web Services.
Cybercriminals prefer to use legitimate sites and services in their phishing scams, not just to trick unsuspecting victims but to sneak past security scanners that would otherwise block traffic from a suspicious site.
In a report released Thursday, email security provider Avanan describes a new phishing campaign that takes advantage of Amazon Web Services.
How attackers are using AWS. In the scheme analyzed by Avanan, cybercriminals have been building phishing pages on AWS. By sending a link to such a page through a phishing email, the scammers are able to bypass security tools and convince the recipient to share credentials for sensitive accounts.
Impersonating Microsoft, complete with a Microsoft logo, the phishing email claims that the user's password will expire today and prompts them to click on a button to keep the same password.
As a prominent website and service, Amazon Web Services will always be on the Allow list, letting the phishing email reach the user's inbox.
News URL
https://www.techrepublic.com/article/how-phishing-attacks-are-exploiting-amazon-web-services/
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)