Scammers are abusing legitimate cloud services to make their scam emails look credible and trick victims.
How does the scam work?
“The ease of rapidly switching to new URLs and cheap hosting cost makes services such as Alibaba, AWS, and Azure a viable target for the scammers. The object store names can be randomly generated using a DGA (domain generation algorithm) to make shutting down the scams difficult. Attackers can also use compromised accounts or incorrectly configured object stores to host the payloads,” researchers said in a blog post.
“Scammers adopting cloud services was inevitable — it provides them scale, helps them avoid content filtering, and gives them a new channel where users might have their guard down,” Netskope concluded.
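For mail triage, the DGA-style object store names the researchers describe can be surfaced by scoring the store name in each cloud-hosted link. The sketch below is an added example, not code from Netskope or the article; the hostname patterns, thresholds and sample email are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import urlparse

# Virtual-hosted object store hostnames for the providers the article names.
# These patterns are assumptions of this example; path-style URLs are not covered.
STORE_HOSTS = {
    "aws": re.compile(r"^(?P<name>[a-z0-9][a-z0-9.-]*?)\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$"),
    "azure": re.compile(r"^(?P<name>[a-z0-9]+)\.blob\.core\.windows\.net$"),
    "alibaba": re.compile(r"^(?P<name>[a-z0-9][a-z0-9-]*)\.oss-[a-z0-9-]+\.aliyuncs\.com$"),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def shannon_entropy(text):
    """Bits per character; random-looking names score higher than words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def looks_generated(name, min_len=12, min_entropy=3.5):
    """Heuristic thresholds chosen for this example, not taken from the article."""
    if len(name) < min_len or shannon_entropy(name) < min_entropy:
        return False
    letters = [c for c in name if c.isalpha()]
    digit_share = sum(c.isdigit() for c in name) / len(name)
    vowel_share = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    return digit_share >= 0.2 or vowel_share < 0.2

def classify_store_urls(body):
    """Return (provider, store_name, flagged) for each object store URL in body."""
    results = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        for provider, pattern in STORE_HOSTS.items():
            match = pattern.match(host)
            if match:
                name = match.group("name")
                results.append((provider, name, looks_generated(name)))
                break
    return results

# Constructed sample email body; none of these names come from the article.
SAMPLE_BODY = """Your parcel is on hold: https://x7qk2vd9mzp4hw8t.s3.amazonaws.com/track.html
Press kit: https://acme-press-kit.s3.eu-west-1.amazonaws.com/kit.zip
Invoice: https://contosoinvoices.blob.core.windows.net/docs/inv.pdf
Prize: http://k9f3zt7wq1xb5rj2.oss-cn-hangzhou.aliyuncs.com/win
Other: https://example.com/login"""

if __name__ == "__main__":
    for row in classify_store_urls(SAMPLE_BODY):
        print(row)
```

Legitimate stores with hash-like names will also be flagged, so the result works as a triage signal to combine with sender reputation and content checks rather than as a verdict.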