Cybersecurity is an ever-evolving field, and as new solutions are introduced to better detect and defend against cyberthreats, attackers in turn need to adapt their tactics to try and evade those solutions.
For example, Barracuda threat analysts have recently identified a rise in phishing attacks that leverage trusted content creation and collaboration platforms popular with schools and designers as well as businesses.
Content creation platforms such as social media networks or a CMS or are being used by millions of people around the world and are designed for easy and open collaboration and creativity. Users trust the platforms’ tools and attackers are exploiting this to distribute malicious content while evading detection.
The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links.
If an email recipient interacts with these links, they are often directed to fraudulent login pages or other deceptive sites intent on stealing sensitive information, such as login credentials and personal data.
The analysts believe this approach is part of a broader shift in phishing tactics, where attackers target popular, reputable platforms to implement their attacks, increasing the chances of success and evading detection.
The exploitation of trusted tools also poses a greater challenge for the security professionals and email protection technologies tasked with protecting users.
Phishing attacks leveraging educational technology
The analysts found several phishing attacks leveraging an online collaboration tool widely used in educational settings. The platform allows students to create and share virtual boards or “walls” where they can post and organise several types of content.
Cybercriminals are leveraging the platform’s post walls to send emails with embedded phishing links or URLs. In one example seen by the analysts, the platform is used to host voice mail phishing links.
Once the user clicks the button to play the voice mail, it takes them to another link, which redirects them to a fake Microsoft login page designed to capture and steal their login credentials.
In another example, the attackers trick the user into clicking a link to view all files and project details before a supposed bidding deadline.
When the victim clicks on the link, they are redirected to a shared file link that seems to be a secure document. This ultimately takes them to a phishing site where their credentials are stolen.
Phishing attacks leveraging a graphic design platform
Barracuda have identified a sophisticated phishing campaign using a well-known online graphic design platform to target unsuspecting victims.
The phishing emails, disguised as legitimate file-sharing invitations from Microsoft 365, appear authentic at first glance, tricking recipients into believing they are accessing important shared documents.
However, upon clicking the provided links, victims are redirected through multiple sites, ultimately landing on a fraudulent page designed to harvest their Microsoft 365 login credentials.
This cleverly orchestrated attack highlights a growing trend of cybercriminals leveraging trusted platforms to deceive users, making it more difficult to distinguish between genuine and malicious communications.
Phishing attacks leveraging a business file sharing and tracking platform
The third example seen by the analysts involved an online platform designed to streamline the creation, sharing, and tracking of documents. Unlike the other two platforms leveraged for phishing, this platform is mainly focused on business professionals.
The analysts found several fake “File Share” notifications hosted on the site and included in emails, which are designed to take victims to a page that will steal their login credentials.
Content creation platforms leveraged for phishing attacks – Conclusion
As mentioned above, the increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cybercriminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection and exploit the confidence that targets will have in such platforms.
It is vital that for individuals and organisations, including educational institutions, remain vigilant and implement robust security measures that can detect and adapt to evolving threats.
For example, individuals need to be wary of clicking on links in unsolicited emails, or in message from people they don’t know. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn’t provided by Microsoft asking for Microsoft logins.
In terms of security solutions, Email protection solutions that feature multilayered, AI- and machine-learning-powered detection prevent these types of attacks from reaching user inboxes.
This should ideally include sophisticated “intent” analysis, capable of intelligently scanning all URLs in emails for phishing threats.
In light of these findings, it’s clear that content creation platforms are becoming increasingly attractive targets for cybercriminals.
With an estimated 91% of cyberattacks starting from phishing emails, and (35%) of those malicious emails contain ransomware, users must remain vigilant. According to stationx.net 91% of bait emails are sent via Gmail accounts.
Check Point Research also indicates, LinkedIn is the brand most frequently imitated to lure phishing victims into disclosing credentials/information.
A recent Barracuda threat analysis of email attack trends from June 2023 to May 2024 uncovered key insights into how organisations of varying sizes are targeted by email threats.
Larger companies are particularly vulnerable to lateral phishing attacks, while smaller businesses are at greater risk of facing external phishing attempts and extortion schemes.
