A State-of-the-Art Spoof (or, Why Turning Your Users Into Grammar Nazis Won't Keep the Bad Guys Out)

By Eric Howes, KnowBe4 Principal Lab Researcher. Malicious actors are becoming very skilled at exploiting popular online services that enjoy the familiarity and trust of millions of users. And the phishing emails landing in users’ inboxes are, likewise, becoming ever more dangerous and difficult to detect.

In some cases the bad guys use compromised accounts at popular online services to host and distribute their malicious files. Here’s a short list of well-known services/brands we’ve seen exploited in this fashion.

  • Microsoft OneDrive/Sharepoint
  • Google Docs
  • Dropbox
  • WeTransfer
  • Constant Contact (rs6.net)
  • Evernote

We could add to the above list at least a half-dozen other, smaller file-sharing services. (Note that we make no claims that the above is a complete list – just a list of those services we happen to see commonly exploited in phishing emails reported to us by customers using the Phish Alert Button, or PAB.)

Some of these services are especially useful to the bad guys because they provide email delivery functionality, allowing malicious actors to put malicious emails distributed by the services themselves directly into users’ inboxes. Emails from Dropbox and WeTransfer, for example, typically sail right through firewalls, Exchange security services, and endpoint anti-virus applications because they emanate from trusted services. Moreover, users tend to recognize and trust emails from these services.
Read the rest and discuss it here!


Featured Webinars

Advanced Phishing and

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service