As an update to our previous article on recognising phishing attacks: a new attack strategy is gaining popularity among hackers, and is proving alarmingly successful.
Phishing emails evolve
A new headache for users and service providers alike is a tactic whereby hackers use legitimate cloud file sharing services, such as OneDrive from Microsoft, to embed links within emails. The links point to bona fide online documents and are presented as realistic looking images instead of actual virus-checked attachments, luring victims into a false sense of security when clicking on these items within emails.
Attackers are exploiting a shortcoming in many cloud service providers' file-sharing offerings. Using a seemingly authentic email from a compromised user and a valid link to a file legitimately stored on these services, they redirect unsuspecting users to an account login page under the control of the attacker. Users are then tricked into submitting their username and password, which are harvested for use in further attacks.
This level of sophistication is becoming more and more commonplace, with the method duping users of all technical abilities.
However you end up at a login page, remember that there are very few circumstances where anyone will ever ask you for your credentials unless it was you who initiated the need to access a secured account or resource.
Always be sceptical when reviewing attachments to emails: never trust an unknown source or open an attachment you didn’t expect, and always ensure that if something looks like an attachment, it actually is one and not a link redirecting you to another site.
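The same check can be automated when triaging a reported email. The Python below is an added example, not part of the original article: it lists a message's real attachments and flags clickable images that lead to a website instead. The function names, the sample message and the host files.example.net are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageFinder(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._href = None   # href of the <a> currently open, if any
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.targets.append(self._href)

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def audit_message(raw_bytes):
    """Report real attachments and clickable images that open a website."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    real = [part.get_filename() for part in msg.iter_attachments()]
    finder = LinkedImageFinder()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        finder.feed(body.get_content())
    hosts = sorted({u.hostname for u in map(urlparse, finder.targets)
                    if u.scheme in ("http", "https") and u.hostname})
    # A picture that links out, with no real attachment, matches the lure.
    return {"attachments": real, "linked_image_hosts": hosts,
            "fake_attachment_suspected": bool(hosts) and not real}

def build_sample(with_attachment):
    """Constructed message; files.example.net is a placeholder host."""
    msg = EmailMessage()
    msg.set_content("Invoice attached.")
    msg.add_alternative('<a href="https://files.example.net/s/abc"><img '
                        'src="https://files.example.net/pdf.png"></a>',
                        subtype="html")
    if with_attachment:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

A flagged message is not proof of phishing, since newsletters also use linked images; the result tells the reviewer which hosts a click would reach so they can be checked before anyone follows the link.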
Phishing attacks are on the rise, both in terms of sophistication and effectiveness. For more information on phishing attacks and how to avoid them, see our comprehensive article Phishing Emails – what are they, and how to spot them.