As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration. While abusing these types of platforms is nothing new
to threat actors, the lures they use are now taking advantage of the novel coronavirus. The two examples below demonstrate how.
We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic.
In the first example, a global financial institution is targeted with a malicious link referencing COVID-19.
A malicious file is shared with the victim through a link on a popular file-hosting service.
By following the link to access the file, the victim is presented with a malicious document that uses similar logos found in the platform’s email and website in order to create a feeling of legitimacy:
If the victim follows the link to “Access your file” they are redirected to a credential theft site where they are prompted to enter their account information:
The second example was observed targeting an international law firm.
The page has since been removed, however based on the directory path, it led to a fake Microsoft Office login designed to steal account credentials:
The national jobforce has seen a mass transition to remote work as a result of the pandemic, with some companies choosing to make the change a permanent one.
With this, online file sharing services and collaboration tools are becoming a necessary part of internal communication for many organizations. As these examples have shown, threat actors are taking advantage of these changes to further exploit COVID-19 anxieties to steal employee credentials.
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at: https://info.phishlabs.com/blog/covid-19-phishing-update-file-sharing-services-abused