Author: Kyle Fedorek
Phishing methods have evolved in the current landscape, coercing users into handing over credentials. Researchers have warned people to watch out for form-based phishing attacks, in which threat actors imitate or abuse branded file-sharing, content-sharing, and productivity websites. Phishing attacks have seen an uptick in recent years, followed by an increase in malware and ransomware attacks originating from spear-phishing campaigns.
Some background information on phishing
Barracuda Networks stated in a blog post that between January and April, these form-based phishing attacks impersonated Microsoft and Google services. In some variants, credential theft is not required: the attackers need only be granted an access token. With the Covid-19 pandemic, many workers have also been forced to stay at home, and attackers have steadily targeted remote work during this time. There has also been a lot of Zoom credential phishing via emails and fake Zoom login forms on fraudulent websites set up by attackers.
Some statistics your way
- These attacks comprised 4% of spear-phishing attacks – with approximately 100,000 cases in the first quarter of 2020.
- Google storage and file sharing websites were leveraged 65% of the time, while Microsoft brands were leveraged 13% of the time. Other impersonated brands consisted of formcrafts.com (2%), mailchimp.com (4%), and sendgrid.net (10%).
The pandemic has given rise to a number of phishing attacks against enterprises, where the malicious actors have shown no regard for the ongoing crisis. Phishing scams are not a new threat; however, with the increasing sophistication in attack tactics and the current environment, these attacks have the highest potential of being effective.
- The form-based phishing attacks are difficult to identify as the links point to legitimate websites.
- Since the aim of these attacks is to steal credentials, the most probable result would be an account takeover, stated Klevchuk.
Phishing attacks are not going anywhere; hackers will evolve their techniques, and form-based attacks are expected to go a long way. Nevertheless, organizations can take steps, such as implementing MFA, improving user security education, and deploying API-based inbox defense, to protect themselves and their customers against such attacks. Always double-check the legitimacy of the emails you receive. Many attackers simply spoof the sender's email address to look legitimate. On closer inspection, the real email source is usually some foreign, made-up domain. If possible, call or otherwise double-check who sent the email, and be wary of clicking on any links. And as always, be very wary of giving up any type of password or credentials to a form that you reached by clicking through an email. Stay safe out there!