Cybercrooks tend to prefer Google-branded phishing to Microsoft-flavoured lures

So says Barracuda Networks, anyway

2 Reg comments Got Tips?

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks.

The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

"Of the nearly 100,000 form-based attacks Barracuda detected between January 1, 2020, and April 30, 2020, Google file sharing and storage websites were used in 65 per cent of attacks. This includes storage.googleapis.com (25 per cent), docs.google.com (23 per cent), storage.cloud.google.com (13 per cent), and drive.google.com (4 per cent)," said Barracuda in a statement.

Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Google: We've blocked 126 million COVID-19 phishing scams in the past week

READ MORE

The firm's Steve Peake opined: "With more people than ever working from home, it's no surprise that cyber criminals are taking the opportunity to flood people's inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users."

In contrast, Barracuda Networks said Microsoft-branded spear-phishing attacks made up just 13 per cent, with Onedrive and Office URLs comprising the bulk of those. Other targets for impersonation included survey biz Mailchimp and marketing email platform Sendgrid.

Spear phishing, as all Reg readers know, is a popular way for criminals to obtain useful information from their targets. A few years ago a Google-impersonating phishing scam did the rounds, although that one led to a malicious web app simply named "Google Docs" via an email inducing the user to click a link. Once clicked, the app behind the link scraped contact information from the user's device and automatically sent emails to spread the attack.

The value to scammers of these types of lures is that they piggyback off the brand recognition of whichever company or service they're posing as. With companies increasingly relying on third-party services to host their internal infrastructure, the risks of clicking links to those third parties only grows – unless you're certain who the sender is and expect them to send you something. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020