- Aug 17, 2014
Researchers full report below:Fraudsters looking to collect login details are increasingly turning to public cloud services to host lure documents and phishing pages, making it more difficult for targets to detect the attack.
The trend has gained traction among cybercriminals, who rely on multiple cloud services to host phishing landing pages and the lure documents redirecting to them.
In a campaign this year, fraudsters set up a clever scenario that involves multiple legitimate elements to hide the theft of Office 365 credentials.
Researchers at Check Point describe in a report today that the attackers relied on Google Drive to host a malicious PDF document and Google’s “storage.googleapis[.]com” to host the phishing page.
Check Point researchers warn and cite an example of a fast-growing trend in which hackers are concealing phishing attacks on Google Cloud Services.