Cybercriminals exploit content platforms for phishing attacks
Cybercriminals have begun exploiting popular content creation and collaboration platforms to launch sophisticated phishing attacks, according to recent research conducted by Barracuda Networks.
The platforms, which are widely used by schools, graphic designers, and businesses, are being targeted due to their high user engagement and trusted status.
The research revealed that cybercriminals disguise phishing links within emails that present themselves as legitimate posts, designs, or documents. Unsuspecting recipients who click on these links are directed to fraudulent login pages or other deceptive sites designed to steal sensitive information such as login credentials and personal data.
These platforms have seen a surge in popularity across Singapore and the wider Asia-Pacific (APAC) region, driven by a growing trend towards digital engagement and creative expression. In Singapore alone, over 85% of the population engages in content sharing and creation activities.
"The increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cybercriminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection and exploit the confidence that people have in such platforms," stated Saravanan Govindarajan, Manager, Threat Analysis at Barracuda. "It is vital for individuals and organisations in Singapore, and the wider Asia-Pacific region to remain vigilant and ensure they have robust security measures in place that can detect and adapt to evolving threats."
The research also found several phishing attacks leveraging an online collaboration tool widely used in educational settings. The platform allows students to create and share virtual boards or "walls" where they can post and organize several types of content.
This research is among the latest in a series of reports based on Barracuda's detection data and threat intelligence. These reports show that attackers behind email threats are continually refining their tools and techniques to increase their chances of success against advanced security measures. Previous examples included the use of QR codes, popular webmail services, and URL shorteners, as well as sophisticated infostealers intended for exfiltrating large volumes of data.
In order to stay protected from such threats, Barracuda recommends that email recipients maintain a high level of caution when invited to click on links in unsolicited emails or messages from unknown senders. They should be attentive to red flags such as suspicious calls to action and unexpected or illogical landing sites, like a non-Microsoft service requesting Microsoft login credentials.
Utilising email protection solutions that feature multilayered, AI- and machine-learning-powered detection can help prevent these types of attacks from infiltrating user inboxes.