Beware – that Google email may be a phishing scam
The change in the working environment due to coronavirus lockdown is not the only issue remote workers are worried about, according to a report that suggests hackers are targeting remote workers in an attempt to steal their personal information.
Researchers from Barracuda Networks uncovered a highly targeted campaign mounting form-based phishing attacks impersonating Google and Microsoft branded domains.
According to the report, out of 100,000 such form-based attacks, hackers used Google file sharing and storage websites like drive.google.com, storage.googleapis.com and docs.google.com in 65 percent of cases.
Meanwhile, Microsoft-related domains such as onedrive.live.com, sway.office.com and forms.office.com were used in almost 13 percent of attacks, with other prominent sites including Sendgrid, Mailchimp and Formcrafts also used.
Spear-phishing attacks
Steve Peake, a systems engineer manager at Barracuda Networks, said, “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cybercriminals are taking the opportunity to flood people’s inboxes with these scams.”
Highlighting the modus operandi of the cybercriminals, Peake added, “The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.”
The report reveals that while Google-branded form attacks account for four percent of spear-phishing incidents recorded in the first four months of this year, experts fear that the numbers are bound to increase.
While these attacks are yet to be controlled, experts suggest that professionals should take additional steps to protect accounts like multi-factor authentication and email security software.