Phishing Attacks Abuse Content Creation and Collaboration Platforms



Phishing Attacks Abuse Content CreationResearchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These include online graphic design platforms and document-sharing services widely used by educational institutions and businesses.

“The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links,” the researchers write. “If an email recipient interacts with these links, they are often directed to fraudulent login pages or other deceptive sites intent on stealing sensitive information, such as login credentials and personal data.”

In one instance, attackers used a collaboration tool used by schools to share links to a spoofed Microsoft login page designed to harvest credentials.

“The analysts found several phishing attacks leveraging an online collaboration tool widely used in educational settings,” the researchers write. “The platform allows students to create and share virtual boards or ‘walls’ where they can post and organize several types of content. Cybercriminals are leveraging the platform's post walls to send emails with embedded phishing links or URLs. In one example seen by the analysts, the platform is used to host voicemail phishing links. Once the user clicks the button to play the voicemail, it takes them to another link, which redirects them to a fake Microsoft login page designed to capture and steal their login credentials.”

The researchers emphasize that students and employees need to be aware that legitimate tools can be abused to spread malicious links.

“It is vital that for individuals and organizations, including educational institutions, remain vigilant and implement robust security measures that can detect and adapt to evolving threats,” Barracuda concludes. “For example, individuals need to be wary of clicking on links in unsolicited emails, or in message from people they don’t know. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn't provided by Microsoft asking for Microsoft logins.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Barracuda has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews