Fake Google and Microsoft branded websites meant to trick users into giving away their login credentials accounted for a bulk of form based cyberattacks detected by Barracuda Networks in last four months.
Out of the 100,000 form-based attacks by the cybersecurity firm between January 1 and April 30, Google file sharing and storage websites were used in 65% of the cases, accounting for 4% of all spear-phishing attacks in the first four months of the 2020.
The report shows that 25% of attacks used storage.googleapis.com, 23% used docs.google.com, 13% used storage.cloud.google.com and 4% used drive.google.com for impersonation.
On the other hand, Microsoft brands accounted for 13% of the attacks. Microsoft’s onedrive.live.com was involved in 6% attacks, sway.office.com in 4% attacks and forms.office.com in 3% of attacks.
The other leading websites used in impersonation attacks include sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%).
Are you afraid of elevation of privilege attacks? Then patch immediately.
Microsoft has fixed more than 50 (!) of those on a single patch day. PS: how come there are so many found and fixed this month? Is Bill himself helping out again ;-) ?