Phishing fraudsters set their sights on online storage portals

Banking and e-commerce attacks take a back seat to offensive against One Drive and Dropbox

Online productivity suites and storage portals have become a prime target for enterprise-focused phishing scams.

Rapid7’s latest quarterly threat report (PDF) discovered businesses are increasingly faced with new “fake login” phishing pages, mostly mimicking Microsoft, Office 365, and One Drive sites and landing pages.

For example, 16% of the entertainment industry was targeted by Dropbox phishing pages.

As attack against Google Docs and Office 365 have increased, assaults on e-banking websites had dropped back into the background. For example, 23% of the construction industry experienced an incident related to Office 365 phishing pages, with another 13% related to One Drive.

Elsewhere, 4% of administrative businesses were directed to a Bank of America phishing page, with another 4% directed to DocuSign.

Rapid7 Labs logged an increase in the volume, diversity, and complexity of phishing campaigns utilizing fake versions of banking site and popular cloud service login pages during Q3 2018.

Fake pages were designed to either capture credentials, deploy malware on the victims’ systems or (not infrequently) both.

"Virtually all of Q3’s incidents involving malware started as a result of phishing, and over half of those were part of the prolific and highly destructive Emotet+Hedeo malware campaigns,” according to Rapid7.

How organisations configure their email domains can make a big difference to whether or not attacks are successful.

“Every organization should review their external DNS configuration to ensure it is safe from DoS attacks or domain takeover… and should prioritize the adoption of key safety features such as DKIM, DMARC, SPF and MTA-STS to help protect the organization from phishing attacks and ensure the confidentiality and integrity of inbound and outbound email communications,” it advised.

RSA’s latest quarterly fraud report, also out this week, found that phishing scams were the most prolific tactic for scammers, accounting for 50% of all fraudulent attacks observed by the security vendor in Q3, and showing a 70% increase from Q2 2018.

A steep rise in the volume of phishing during the third quarter of the year is not all that unusual, according to RSA.

“Fraudsters are usually more active now as they will be seeking to harvest fresh credential to commit fraud during holiday shopping periods, such as Black Friday and Cyber Monday,” it warned.