Security News > 2024 > August > Cybercriminals exploit file sharing services to advance phishing attacks

A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document.

File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences.

The majority of these attacks were sophisticated in nature, with 60% exploiting legitimate domains, most commonly webmail accounts, such as Gmail, iCloud, and Outlook; productivity and collaboration platforms; file storage and sharing platforms like Dropbox; and e-signature solutions like Docusign.

"Very few companies block URLs from these services because they aren't inherently malicious. And by dispatching phishing emails directly from the services themselves, attackers hide in plain sight, making it harder for their targets to distinguish between legitimate and malicious communications. And when attackers layer in social engineering techniques, identifying these attacks becomes near-impossible."

The finance industry was found to be most at risk, with file-sharing phishing attacks making up one in ten attacks.

BEC attacks grew by more than 50% over the last year, with attacks on smaller organizations jumping nearly 60% in the last half.

News URL

https://www.helpnetsecurity.com/2024/08/20/file-sharing-phishing-attacks/