Cybersecurity is an ever-evolving field, and as new solutions are introduced to better detect and defend against cyberthreats, attackers in turn need to adapt their tactics to try and evade those solutions.
For example, Barracuda threat analysts have recently identified a rise in phishing attacks that leverage trusted content creation and collaboration platforms popular with schools and designers as well as businesses.
The platforms are used by millions of people around the world and are designed for easy and open collaboration and creativity. Users trust the platforms’ tools and attackers are exploiting this to distribute malicious content while evading detection.
The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links.
If an email recipient interacts with these links, they are often directed to fraudulent login pages or other deceptive sites intent on stealing sensitive information, such as login credentials and personal data.
The analysts believe this approach is part of a broader shift in phishing tactics, where attackers target popular, reputable platforms to implement their attacks, increasing the chances of success and evading detection.
The exploitation of trusted tools also poses a greater challenge for the security professionals and email protection technologies tasked with protecting users.
Phishing attacks leveraging educational technology
The analysts found several phishing attacks leveraging an online collaboration tool widely used in educational settings. The platform allows students to create and share virtual boards or “walls” where they can post and organize several types of content.
Cybercriminals are leveraging the platform’s post walls to send emails with embedded phishing links or URLs. In one example seen by the analysts, the platform is used to host voice mail phishing links. Once the user clicks the button to play the voice mail, it takes them to another link, which redirects them to a fake Microsoft login page designed to capture and steal their login credentials.