The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites.
Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%.
The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts.
Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020.
The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).
Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS
Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks .
Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks.
Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive.
Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else.
The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions.
Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from.
Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK