Phishing Attacks Dodge Email Security
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols
A fresh round of phishing attacks relies on trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an endpoint's security protocols, the security firm Cofense says in a new report.
The attack profile centers on using legitimate file-sharing websites and invoice-themed phishing attacks to steal credentials and spread malware, Aaron Higbee, CTO and co-founder of Cofense, tells Information Security Media Group in a video interview.
"What we're seeing more and more these days is attackers leveraging valid third-party file transfer sites and valid web hosting sites like Office 365 to not only send their phishing emails, but also to then host the phishing page and send the credentials as well," Higbee says.
Using Shared Sites to Gain Entry
The Cofense report found the hackers are using spear-phishing attacks that ask the recipient to access a shared document from cloud-based services such as Dropbox, ShareFile, WeTransfer, Google Docs, Egnyte and SharePoint. The social engineering aspect of the attack is that the sender's email address relates in some way to the business being attacked, which helps lower the recipient's suspicion.
"The spear-phishing attack sends a link requesting users to access a purchase order form with a .pdf extension. Upon clicking, the attack automatically redirects the user to their default web browser, requesting to click the 'Download' button," according to the report.
The target is then asked to open the downloaded file, which redirects the victim to a fake Microsoft login page. This fraudulent page is created using the legitimate free website builder Weebly.com. Because Weebly is considered a trusted website, the hackers are further able to get past security measures designed to stop users from visiting dangerous sites.
After a victim keys in their Microsoft login credentials, the credentials are stolen. But to further the deception that "all is well," at the end of the transaction, the victim is forwarded to an authentic Microsoft website.
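Because the fake login page sits on a trusted domain, domain reputation alone will not catch it; a content check can. The following is an added example, not code from Cofense or the report, that flags a page showing a Microsoft-branded password form on a host that is not a Microsoft domain. The domain lists, brand pattern and sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative lists; extend for your environment.
SITE_BUILDER_SUFFIXES = ("weebly.com",)  # builder named in the report
MICROSOFT_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")
BRAND = re.compile(r"microsoft|office\s*365|outlook", re.I)

class FormScanner(HTMLParser):
    """Collects page text and records whether a password input is present."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        # Branding often lives in image alt text or field placeholders.
        self.text += [a[k] for k in ("alt", "title", "placeholder") if a.get(k)]

    def handle_data(self, data):
        self.text.append(data)

def host_in(host, suffixes):
    # Match the domain itself or a subdomain, not a lookalike substring.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def assess_page(url, html):
    """Return reasons the page looks like a Microsoft credential lure."""
    host = (urlparse(url).hostname or "").lower()
    scanner = FormScanner()
    scanner.feed(html)
    branded = bool(BRAND.search(" ".join(scanner.text)))
    reasons = []
    if scanner.has_password and branded and not host_in(host, MICROSOFT_SUFFIXES):
        reasons.append("Microsoft-branded password form on non-Microsoft host")
        if host_in(host, SITE_BUILDER_SUFFIXES):
            reasons.append("hosted on a free site builder")
    return reasons

# Constructed sample input (not taken from the report).
SAMPLE_URL = "https://constructed-sample.weebly.com/"
SAMPLE_HTML = """<html><title>Sign in to your Microsoft account</title>
<form><input type="email" placeholder="Email"><input type="password"></form></html>"""

if __name__ == "__main__":
    print(assess_page(SAMPLE_URL, SAMPLE_HTML))
```

A check like this belongs in a web proxy or link-scanning step as one signal among several, since brand text can also be rendered as an image.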
To mitigate the risks posed by these phishing attacks, Cofense says email users should question every message received rather than rely on cybersecurity software for protection.
The report recommends all email recipients consider two questions: “Was I expecting this transfer?” and “Am I expecting to receive a purchase order from this sender?”