Advert.

Do NOT tell your scammer he is posted here, or report their accounts as it puts others at risk!

Be wary of emails with links to ... er, Google Drive?

Did you read about scams in the papers, or see it on TV? Let us know.

Be wary of emails with links to ... er, Google Drive?

Unread postby SlapHappy » Tue May 07, 2019 7:56 pm

https://www.theregister.co.uk/2019/05/0 ... _research/

Be wary of emails with links to ... er, Google Drive? Is that right?
Alibaba, Azure and more used for badness, warns infosec biz
By Gareth Corfield 7 May 2019 at 15:45 6 Reg comments SHARE


Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html
Spammers are increasingly turning to common file-sharing and object storage services such as Google Drive and Microsoft Azure, in an attempt to evade ever-better corporate filters.

"Embedding links to trusted services helps attackers bypass traditional content filters, such as spam filters, which might otherwise block the scams," opined infosec biz Netskope in its recent research into the phenomenon of phishing emails leveraging popular file-sharing sites.

The attack vector is simple: the victim receives an email or SMS with bait text encouraging them to click a link to one of the popular sites. Netskope named these as Google Drive, AWS, Azure and Alibaba.

Aside from looking convincing to potential victims, it offers them links to sites they would otherwise trust, instead of the old-fashioned approach of sending links to new domains controlled by attackers. As public awareness of basic infosec techniques rises, cybercrims are moving with the times.

Moreover, reckoned Netskope, using public file-hosting sites makes it easier to bunny-hop from one to another when links or uploads are taken down, rather than the mild faff it causes the miscreants when entire domains used for criminal purposes are deleted.

"While currently only being used for long-running scams targeting individuals, these techniques could also be used to target business who use services such as Google Drive," said Netskope's Abhinav Singh in a statement. "We should begin educating users and putting controls in place to protect ourselves against the onslaught of attackers abusing cloud services."

Targeted techniques for phishing and malware deployment are gaining popularity among cybercrims, as Britain's GCHQ spy agency mentioned during a public conference last week, referring to one specific instance of black hats abusing a pairing feature on OTT app Viber to secure instant access to a target's phone contacts book.

Social engineering, as an attack vector, is on the rise too, with criminals relying on tried and tested strategies that are almost as old as the invention of email itself instead of developing ever more powerful malware strains. Those techniques are paying off, as Indian outsourcer Wipro found to its cost.
If anyone asks you for money on the Internet they are always a scammer, 100% of the time.
Blackmail Scammed? Go here: https://www.scamsurvivors.com/blackmail/#/
FAQ viewtopic.php?f=3&t=19
Victim of a scam? Go here: https://scamsurvivors.com/forum/viewtop ... =3&t=26504
User avatar
SlapHappy
Retired admin/co creator
 
Posts: 44968
Joined: Tue Apr 17, 2012 5:18 am
Location: Just a face in a magazine, watching you post your scammer's details.

Return to Media reports.

Who is online

Users browsing this forum: No registered users and 13 guests