Share This:

Phishing attacks leveraging a graphic design platform

Barracuda’s analysts identified a phishing attempt leveraging a popular online graphic design platform. The emails sent from the platform involve what looks like a legitimate file sharing invitation from Microsoft 365. However, it takes victims through a series of links to a page designed to steal their credentials.

Phishing attacks leveraging a business file sharing and tracking platform

The third example seen by the analysts involved an online platform designed to streamline the creation, sharing, and tracking of documents. Unlike the other two platforms leveraged for phishing, this platform is mainly focused on business professionals.

The analysts found several fake “File Share” notifications hosted on the site and included in emails, which are designed to take victims to a page that will steal their login credentials.

Conclusion

As mentioned above, the increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cybercriminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection and exploit the confidence that targets will have in such platforms.

It is vital that for individuals and organizations, including educational institutions, remain vigilant and implement robust security measures that can detect and adapt to evolving threats.

For example, individuals need to be wary of clicking on links in unsolicited emails, or in messages from people they don’t know. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn’t provided by Microsoft asking for Microsoft logins.

In terms of security solutions, email protection solutions that feature multilayered, AI- and machine-learning-powered detection prevent these types of attacks from reaching user inboxes. This should ideally include sophisticated “intent” analysis, capable of intelligently scanning all URLs in emails for phishing threats.

This article was originally published at Barracuda Blog.

Photo: Skrypnykov Dmytro / Shutterstock


Share This:
Saravanan Govindarajan

Posted by Saravanan Govindarajan

Saravanan Govindarajan currently leads the 24/7 threat analyst team at Barracuda Networks, where we develop detection solutions for Barracuda’s email security products to safeguard our customers across the globe with real-time protection against the latest email related threats. With over 15 years of experience, he has served as a security researcher on a range of email security products, including Symantec Bright-Mail, AOL Mail Ops, and McAfee Email Security Gateway.

Leave a reply

Your email address will not be published. Required fields are marked *