Cybercriminals Impersonating Google to Target Remote Workers
Cybercriminals often use popular and trusted brand names to trick users into sharing login credentials. Recently, attackers have impersonated many web services, such as Microsoft Outlook and Google Docs, to harvest data for committing fraud or launching campaigns.
What the latest report says
According to a new report by Barracuda Networks, between January 1 and April 30, 2020, Google file sharing and storage websites and brand names were used in 65% of nearly 100,000 form-based attacks, making up 4% of all spear-phishing attacks in the first four months of 2020.
- The attackers leverage brand names of Google services to trick their victims: storage.googleapis.com (25%), docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%).
- Microsoft brands were also used for impersonation in 13% of attacks: onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).
- Other sites, including sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%), were also used in the impersonation attacks.
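Because these hosts are legitimate services, domain reputation alone will not separate a phishing form from normal traffic. The following is an added example, not code from the report or from Barracuda Networks: it extracts links from a message body and flags those hosted on the services listed above so they can be routed for closer review. The sample message, the function names and the `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts and attack shares (%) as listed in the report summary above.
REPORTED_HOSTS = {
    "storage.googleapis.com": 25, "docs.google.com": 23,
    "storage.cloud.google.com": 13, "drive.google.com": 4,
    "onedrive.live.com": 6, "sway.office.com": 4, "forms.office.com": 3,
    "sendgrid.net": 10, "mailchimp.com": 4, "formcrafts.com": 2,
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def match_reported_host(hostname):
    """Return the listed host that equals hostname or is a parent of it, else None."""
    host = (hostname or "").lower().rstrip(".")
    for reported in REPORTED_HOSTS:
        if host == reported or host.endswith("." + reported):
            return reported
    return None

def flag_links(body):
    """Return (url, listed_host, share) for each link hosted on a listed service."""
    findings = []
    for url in URL_RE.findall(body):
        try:
            hostname = urlsplit(url).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        reported = match_reported_host(hostname)
        if reported:
            findings.append((url, reported, REPORTED_HOSTS[reported]))
    return findings

# Constructed sample message body (not taken from the report).
SAMPLE_BODY = """Your shared file is ready:
https://storage.googleapis.com/example-bucket/index.html
Tracking link: https://u123.ct.sendgrid.net/ls/click?upn=abc
Lookalike host: https://docs.google.com.login.example/forms
Userinfo trick: https://drive.google.com@files.example/view
Unrelated: https://www.example.org/news
"""

if __name__ == "__main__":
    for url, host, share in flag_links(SAMPLE_BODY):
        print(f"review: {url} (hosted on {host}, {share}% of reported attacks)")
```

A match means only that the link lives on a commonly abused hosting service, not that it is malicious. The lookalike and userinfo links in the sample are deliberately not matched, since they resolve to other hosts and belong to a separate check.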
Other attempts at impersonating popular brands
Hackers have been using a variety of phishing campaigns to take advantage of the COVID-19 pandemic to distribute malware, steal credentials, and scam users and organizations out of money. In May 2020, attackers launched many phishing campaigns and impersonated several popular brand names.
- The attacker impersonated the collaboration software provider LogMeIn by sending fake yet legitimate-looking emails that directed users to a phishing site to compromise LogMeIn account login credentials.
- The attackers used newly updated designs for Azure AD and Microsoft 365 sign-in pages to launch phishing attacks. Attackers quickly adapted to the changes made to these resources and updated their tactics to make the attacks a lot more convincing.
- A phishing attack launched on Magellan Health employees and clients exfiltrated their data and used custom malware to steal login credentials and passwords.
- The attacker impersonated Zoom in a phishing campaign by crafting a convincing email and landing page that mimicked meeting notifications from Zoom in order to steal employees' Microsoft credentials.
- In an impersonation attack, attackers sent an automated Microsoft Teams notification email to steal the credentials of relevant accounts.
Organizations must train all their employees, test them on the latest threats, and ensure that they follow a prevention strategy. Organizations must also enforce strong security policies, encourage vigilance on the part of employees, and create cyber resilience plans to avoid such attacks.