How business email compromise attacks emulate legitimate web services to lure clicks
Call it BEC 3.0 - phishing attacks that bury the hook in legitimate web services like Dropbox.
"Leveraging legitimate websites to host malicious content is a surefire way to get into the inbox," he said.
Avanan said preventing these stealth attacks requires a number of defensive steps, including scanning for malicious files in Dropbox and links in documents, as well as replacing links in the email body and inside attachments.
The key to education against these social engineering attacks is context, according to Fuchs: "Are resumes typically sent via Dropbox? If not, it may be a reason to contact the original sender and double-check. If they are, take it one step further. When you log into Dropbox, do I have to log in again with my email?"
As in the Dropbox attacks, hackers created legitimate Linktree pages to host malicious URLs that harvest credentials.
BEC attacks using legitimate sites may escalate this year.