Content platforms exploited for phishing attacks, warns Barracuda
Barracuda threat analysts have identified a new trend in phishing attacks, where cyber criminals are exploiting content creation and collaboration platforms commonly used by educational institutions, graphic designers, and various businesses globally.
According to the latest research, these platforms, which boast millions of users worldwide, are being utilised to send emails featuring legitimate-looking posts, designs, and documents with embedded phishing links.
Recipients who click on these links are redirected to fraudulent login pages or other deceitful websites, designed to steal sensitive information such as login credentials and personal data. In one instance observed by Barracuda analysts, voicemail phishing links were hosted on a content creation platform.
Saravanan Govindarajan, Manager, Threat Analysis at Barracuda, remarked on the evolving tactics of cyber criminals. "The increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cyber criminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection, and exploit the confidence that people have in such platforms."
Govindarajan underscored the importance of vigilance and robust security measures that can adapt to these evolving threats in order to protect personal information and intellectual property.
This new research complements a series of recent reports from Barracuda, which have demonstrated how attackers behind email threats are refining their tools and techniques to enhance their success rates and avoid detection by advanced security tools. The analysts have reported various methods used by cyber criminals, including the use of QR codes, popular webmail services, and URL shorteners, alongside sophisticated infostealers designed to exfiltrate potentially significant volumes of data.
To protect against these threats, Barracuda recommends that email recipients exercise caution when invited to click on links in unsolicited emails or messages from unknown senders. Additional warning signs include suspicious calls to action and landing sites that appear unexpected or illogical, such as a non-Microsoft service asking for Microsoft login credentials.
Barracuda also stresses the importance of using email protection solutions that feature multilayered, AI- and machine-learning-powered detection capabilities to prevent such attacks from reaching user inboxes.
Barracuda works on the mission statement that 'every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use.' Barracuda protects email, networks, data, and applications with innovative solutions that grow and adapt with customers' journeys. Many organisations worldwide trust the company to protect and support them so they can focus on taking their business to the next level.