Security Intelligence reported:
The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible.
Instead of building phishing pages from scratch, cyber criminals are increasingly turning to established SaaS platforms to execute their malware schemes. By utilizing legitimate domains to host their phishing campaigns, it’s more challenging for detection engines to identify them. And since SaaS platforms require minimal technical expertise, it’s easier for novice hackers to launch attacks.
With the increasing use of cloud-based office productivity and collaboration tools, attackers can now easily host and share malicious documents, files and malware on reputable domains.
Examples of SaaS platforms used in phishing campaigns include:
Find the original article and read more here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible.
Instead of building phishing pages from scratch, cyber criminals are increasingly turning to established SaaS platforms to execute their malware schemes. By utilizing legitimate domains to host their phishing campaigns, it’s more challenging for detection engines to identify them. And since SaaS platforms require minimal technical expertise, it’s easier for novice hackers to launch attacks.
With the increasing use of cloud-based office productivity and collaboration tools, attackers can now easily host and share malicious documents, files and malware on reputable domains.
Examples of SaaS platforms used in phishing campaigns include:
- File sharing
- Form builders
- Website builders
- Note-taking/collaboration tools
- Design/prototyping/wireframe
- Personal branding.
Find the original article and read more here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat