IT Security

Share to Facebook Share to Twitter Share to LinkedIn

As an update to our previous article on recognising Phishing attacks a new attack strategy is gaining popularity among hackers, and is proving alarmingly successful.

Phishing emails evolve

A new headache for users and service providers alike is a new tactic being used by hackers whereby legitimate cloud file sharing services, such as OneDrive from Microsoft, are used to embed links within emails which point to bona fide online documents resulting in realistic looking images instead of actual virus checked attachments, luring victims into a false sense of security when clicking on these items within emails.

Attackers are exploiting a shortcoming on many cloud service providers file-sharing offerings whereby using a seemingly authentic email from a compromised user and a valid link to a file legitimately stored on these services unsuspecting users are then redirected to an account login page under the control of the attacker. Unsuspecting users are then tricked into submitting their username and password which are harvested for use in further attacks.

 attachment scamEven though it looks convincing, the PDF file isn't an attachment - rather it is a link to a file which then redirects the user away from Microsoft's systems

This level of sophistication is become more and more commonplace, with the method of duping users of all technical abilities.

However you end up at a login page, remember that there are very few circumstances where anyone will ever ask you for your credentials unless it was you who initiated the need to access a secured account or resource.
Always be sceptical when reviewing attachments to emails, never trusting an unknown source or opening an attachment you didn’t expect, and always ensure that if something looks like an attachment that it actually is one, and not a link redirecting you to another site.

attachment scam 2As with all links within emails, hovering the mouse over the item - without clicking - reveals the actual destination


More information

Phishing attacks are on the rise, both in terms of sophistication and effectiveness. For more information Phishing attacks and how to avoid them, see our comprehensive article Phishing Emails – what are they, and how to spot them