New form-based attacks use Google-branded sites to steal logins

A new type of brand impersonation attack is disproportionately using Google-branded sites to trick victims into sharing login credentials, according to new research from Barracuda, a provider of cloud-enabled security solutions. Detecting nearly 100,000 cases of this style of attack in the first four months of 2020, the new form-based attacks make up 4% of all spear phishing attacks during the period; a number which researchers expect to climb as cybercriminals see success in harvesting credentials with these attacks. The form-based attacks are a new kind of brand impersonation attack, which sees scammers leveraging productivity sites like docs.google.com or sway.office.com to convince victims to hand over their credentials. Of the nearly 100,000 form-based attacks Barracuda detected between January 1, 2020, and April 30, 2020, Google file sharing and storage websites were used in 65% of attacks. All other sites made up 6% of form-based attacks.

Read Full Article Here

Related Articles