By Eric Howes, KnowBe4 Principal Lab Researcher.
Malicious actors are becoming very skilled at exploiting popular online services that enjoy the familiarity and trust of millions of users. And the phishing emails landing in users’ inboxes are, likewise, becoming ever more dangerous and difficult to detect.
In some cases the bad guys use compromised accounts at popular online services to host and distribute their malicious files. Here’s a short list of well-known services/brands we’ve seen exploited in this fashion.
- Microsoft OneDrive/SharePoint
- Google Docs
- Constant Contact (rs6.net)
We could add to the above list at least a half-dozen other, smaller file-sharing services. (Note that we make no claims that the above is a complete list – just a list of those services we happen to see commonly exploited in phishing emails reported to us by customers using the Phish Alert Button, or PAB.)
Some of these services are especially useful to the bad guys because they provide email delivery functionality: the malicious emails are sent by the services themselves and land directly in users’ inboxes. Emails from Dropbox and WeTransfer, for example, typically sail right through firewalls, Exchange security services, and endpoint anti-virus applications because they emanate from trusted services. Moreover, users tend to recognize and trust emails from these services.