Content creation platforms leveraged for phishing attacks

content creation phishing

Phishing attacks leveraging a graphic design platform

Barracuda’s analysts identified a phishing attempt leveraging a popular online graphic design platform. The emails sent from the platform involve what looks like a legitimate file sharing invitation from Microsoft 365. However, it takes victims through a series of links to a page designed to steal their credentials.

Phishing attacks leveraging a business file sharing and tracking platform

The third example seen by the analysts involved an online platform designed to streamline the creation, sharing, and tracking of documents. Unlike the other two platforms leveraged for phishing, this platform is mainly focused on business professionals.

The analysts found several fake “File Share” notifications hosted on the site and included in emails, which are designed to take victims to a page that will steal their login credentials.

Conclusion

As mentioned above, the increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cybercriminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection and exploit the confidence that targets will have in such platforms.

It is vital that for individuals and organizations, including educational institutions, remain vigilant and implement robust security measures that can detect and adapt to evolving threats.

For example, individuals need to be wary of clicking on links in unsolicited emails, or in messages from people they don’t know. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn’t provided by Microsoft asking for Microsoft logins.

In terms of security solutions, email protection solutions that feature multilayered, AI- and machine-learning-powered detection prevent these types of attacks from reaching user inboxes. This should ideally include sophisticated “intent” analysis, capable of intelligently scanning all URLs in emails for phishing threats.

This article was originally published at Barracuda Blog.

Photo: Skrypnykov Dmytro / Shutterstock

This post originally appeared on Smarter MSP.

Leave a Reply

Your email address will not be published. Required fields are marked *