Researchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These include online graphic design platforms and document-sharing services widely used by educational institutions and businesses.
“The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links,” the researchers write. “If an email recipient interacts with these links, they are often directed to fraudulent login pages or other deceptive sites intent on stealing sensitive information, such as login credentials and personal data.”
In one instance, attackers abused a collaboration tool used by schools to share links to a spoofed Microsoft login page designed to harvest credentials.
“The analysts found several phishing attacks leveraging an online collaboration tool widely used in educational settings,” the researchers write. “The platform allows students to create and share virtual boards or ‘walls’ where they can post and organize several types of content. Cybercriminals are leveraging the platform's post walls to send emails with embedded phishing links or URLs. In one example seen by the analysts, the platform is used to host voicemail phishing links. Once the user clicks the button to play the voicemail, it takes them to another link, which redirects them to a fake Microsoft login page designed to capture and steal their login credentials.”
The researchers emphasize that students and employees need to be aware that legitimate tools can be abused to spread malicious links.
“It is vital that individuals and organizations, including educational institutions, remain vigilant and implement robust security measures that can detect and adapt to evolving threats,” Barracuda concludes. “For example, individuals need to be wary of clicking on links in unsolicited emails, or in messages from people they don’t know. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn't provided by Microsoft asking for Microsoft logins.”
Barracuda has the story.