- Scammers are sending phishing emails with links to malicious sites hosted on legitimate cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Alibaba Cloud.
- Scammers are also abusing Google Docs, because Google Docs links help attackers bypass spam filters.
Scammers are abusing legitimate cloud services to add legitimacy to their scam emails and trick victims into falling for their scams.
How does the scam work?
- Netskope observed that these scammers are sending phishing emails and SMS messages with malicious links.
- The malicious links redirect users to phishing pharmacy sites, dating sites, and tech support sites hosted on legitimate cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Alibaba Cloud.
- The phishing sites are designed to steal victims’ personal information.
“The ease of rapidly switching to new URLs and cheap hosting cost makes services such as Alibaba, AWS, and Azure a viable target for the scammers. The object store names can be randomly generated using a DGA (domain generation algorithm) to make shutting down the scams difficult. Attackers can also use compromised accounts or incorrectly configured object stores to host the payloads,” researchers said in a blog post.
- Scammers are also abusing Google Docs to create and share presentations that contain malicious links.
- These malicious links redirect users to dating sites that are designed to steal users’ personal information and credit card details.
- Scammers are abusing Google Docs because Google Docs links help attackers bypass spam filters.
“Scammers adopting cloud services was inevitable — it provides them scale, helps them avoid content filtering, and gives them a new channel where users might have their guard down,” Netskope concluded.
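For mail-filtering triage, the object-store hosting and randomly generated store names described above can be checked with a short script. This is an added example, not code from Netskope or the original article; the entropy and vowel-ratio thresholds are assumed illustrative values, and the sample message and its URLs are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Virtual-hosted-style object store hostnames: the leading label is the
# bucket (AWS S3, Alibaba OSS) or storage account (Azure Blob) name.
STORE_PATTERNS = {
    "aws-s3": re.compile(r"^(?P<name>[a-z0-9.-]+?)\.s3[.-](?:[a-z0-9-]+\.)*amazonaws\.com$"),
    "azure-blob": re.compile(r"^(?P<name>[a-z0-9]+)\.blob\.core\.windows\.net$"),
    "alibaba-oss": re.compile(r"^(?P<name>[a-z0-9-]+)\.oss-[a-z0-9-]+\.aliyuncs\.com$"),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Assumed, illustrative thresholds; tune them against your own mail flow.
MIN_ENTROPY = 3.5       # bits per character
MAX_VOWEL_RATIO = 0.25


def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_generated(name):
    """Heuristic: high character entropy and few vowels suggest a random name."""
    letters = name.replace("-", "").replace(".", "")
    if len(letters) < 10:
        return False  # too short to judge reliably
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / len(letters)
    return shannon_entropy(letters) >= MIN_ENTROPY and vowel_ratio <= MAX_VOWEL_RATIO


def triage_links(message):
    """Return (url, provider, store_name, generated) for each object-store link."""
    findings = []
    for url in URL_RE.findall(message):
        host = (urlsplit(url).hostname or "").lower()
        for provider, pattern in STORE_PATTERNS.items():
            match = pattern.match(host)
            if match:
                name = match.group("name")
                findings.append((url, provider, name, looks_generated(name)))
    return findings


# Constructed sample message; every URL below is made up for this example.
SAMPLE = """Your order is ready: https://x7k2qv9zt4mw8p3b.s3.amazonaws.com/rx/index.html
Brochure: https://acme-marketing-assets.oss-cn-hangzhou.aliyuncs.com/q3.pdf
Unsubscribe: https://example.com/unsubscribe"""
```

Calling `triage_links(SAMPLE)` returns one tuple per object-store link; a `True` in the last field marks a store name worth a closer look, not a verdict, since legitimate buckets can also carry random-looking names.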