Workers now have one more issue to be concerned about, besides the changes made to the working environment because of the crisis the world is currently facing. A new report from a team of security researchers has just been released, suggesting that hackers are targeting remote workers in an attempt to steal their personal information.
Experts from Barracuda Networks revealed a highly targeted campaign of form-based phishing attacks that impersonate Google- and Microsoft-branded domains. According to the report, out of 100,000 such form-based attacks, hackers used Google file sharing and storage websites, including drive.google.com, storage.googleapis.com, and docs.google.com, in about 65 percent of cases.
Meanwhile, Microsoft-related domains, including onedrive.live.com, sway.office.com, and forms.office.com, were used in approximately 13 percent of attacks. Other notable websites used included Sendgrid, Mailchimp, and Formcrafts.
Google-Branded Spear-Phishing Attacks
Steve Peake, a systems engineer manager at Barracuda Networks, said: “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cybercriminals are taking the opportunity to flood people’s inboxes with these scams.”
Describing how the hackers operate, Peake said that “the sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.”
The report also explains that although these Google-branded form attacks account for about four percent of spear-phishing events registered in the first four months of this year, security researchers suggest that the numbers are likely to increase.
While these attacks are not yet under control, experts recommend that professionals consider additional measures to protect accounts, such as multi-factor authentication and email security software.