Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Phishing Attacks Dodge Email Security

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols
Aaron Higbee, CTO and co-founder of Cofense

A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, the security firm Cofense says in a new report.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The attack profile centers on using legitimate file-sharing websites and invoice-themed phishing attacks to steal credentials and spread malware, Aaron Higbee, CTO and co-founder of Cofense, tells Information Security Media Group in a video interview.

"What we're seeing more and more these days is attackers leveraging valid third-party file transfer sites and valid web hosting sites like Office 365 to not only send their phishing emails, but also to then host the phishing page and send the credentials as well," Higbee says.

Using Shared Sites to Gain Entry

The Cofense report found the hackers are using spear-phishing attacks that request the recipient to access a shared document from such cloud-based services such as Dropbox, ShareFile, WeTransfer, Google Docs, Egnyte and SharePoint. The social engineering aspect of the attack is that the sender's email address relates in some way to the business being attacked to help lower the recipient's suspicion.

"The spear-phishing attack sends a link requesting users to access a purchase order form with a .pdf extension. Upon clicking, the attack automatically redirects the user to their default web browser, requesting to click the 'Download' button," according to the report.

The target is then asked to open the downloaded file, which then redirects the victim to a fake Microsoft login page. This fraudulent page is created using the legitimate free website builder Weebly.com. Because this is considered a trusted website, hackers are further able to deceive any security measures in place designed to stop users from visiting dangerous sites.

After a victim keys in their Microsoft login credentials, they are stolen. But to further the deception that "all is well," at the end of the transaction, the victim is forwarded to an authentic Microsoft website.

To mitigate the risks posed by these phishing attacks, Cofense says email users should question every message received rather than rely on cybersecurity software for protection.

The report recommends all email recipients consider two questions: “Was I expecting this transfer?” and “Am I expecting to receive a purchase order from this sender?”


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.