
How Scammers Targeted Google Docs & Microsoft Sway to Steal User Credentials

by DigitalCIO Bureau
August 20, 2023

Researchers recently revealed that hackers targeted Google Docs and Microsoft Sway to steal user credentials.

Amid the global pandemic, cybercriminals are increasingly using the coronavirus as a lure to trick distracted users by capitalising on their fear and uncertainty.

Security researchers disclosed that they have identified a new type of impersonation attack that uses Google file-sharing and storage websites such as Google Docs to trick victims into sharing login credentials.

Of the nearly 100,000 form-based attacks detected between January 1 and April 30, Google Docs was used in 65 per cent of attacks, making up 4 per cent of all spear-phishing attacks in the first four months of 2020, said Barracuda Networks, a leading provider of cloud-enabled security and data protection solutions.

Modus Operandi
In this type of brand impersonation attack, scammers leverage file-sharing, content-sharing, or other productivity sites like docs.google.com or sway.office.com to convince victims to hand over their credentials. The hackers send emails that impersonate notifications generated automatically by a legitimate file-sharing site such as OneDrive, and take the victim to a phishing site through a legitimate file-sharing site.

Another tactic is creating an online form using legitimate services like forms.office.com. The forms resemble the login page of a legitimate service, and the link to the form is then included in phishing emails to harvest credentials. The security researcher said that these impersonation attacks are difficult to detect because they contain links pointing to legitimate websites that are often used by organizations.

Getting access to accounts without passwords is another attack variant, in which the original phishing email contains a link that looks like a usual login page. The link contains a request for an access token for an app. After login credentials are entered, the user is presented with a list of app permissions to accept. By accepting these permissions, the victim allows the attacker to use the same login credentials to access the account. Even two-factor authentication cannot prevent the spammers from carrying out such phishing attacks, because the malicious app has been approved by the user to access accounts.

Magnitude of Attacks
In the recent form-based attacks, attackers leveraged storage.googleapis.com (25 per cent), docs.google.com (23 per cent), storage.cloud.google.com (13 per cent) and drive.google.com (4 per cent).

In comparison, Microsoft brands were targeted in 13 per cent of attacks: onedrive.live.com (6 per cent), sway.office.com (4 per cent), and forms.office.com (3 per cent). The other sites used in impersonation attacks include sendgrid.net (10 per cent), mailchimp.com (4 per cent), and formcrafts.com (2 per cent). All other sites made up six per cent of form-based attacks.
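
As an added example (not from the article or from Barracuda), the following sketch shows how a mail-triage step could surface the two link types described above: links to the file-sharing and form hosts listed in this section, and links that carry a request for an app access token. It assumes the token request uses the standard OAuth 2.0 authorization parameters; the function names, the sample message, the example.* hosts and the client_id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hosts the article reports in form-based attacks (see the figures above).
SHARING_HOSTS = {
    "storage.googleapis.com", "docs.google.com", "storage.cloud.google.com",
    "drive.google.com", "onedrive.live.com", "sway.office.com",
    "forms.office.com", "sendgrid.net", "mailchimp.com", "formcrafts.com",
}
# Assumption: the token request uses the OAuth 2.0 authorization parameters
# defined in RFC 6749, section 4.1.1.
OAUTH_REQUIRED = {"client_id", "response_type"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def on_listed_host(host):
    """True if host is one of the listed sites or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in SHARING_HOSTS)


def triage_links(body):
    """Return one finding dict per URL in an email body that needs review."""
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,;"))  # drop sentence punctuation
        host = (parts.hostname or "").lower()
        query = parse_qs(parts.query)
        if OAUTH_REQUIRED.issubset(query):
            # The link asks the user to grant an app a token: surface the
            # app identifier and the permissions it requests.
            findings.append({
                "kind": "oauth_consent_request",
                "host": host,
                "client_id": query["client_id"][0],
                "scopes": sorted(" ".join(query.get("scope", [])).split()),
            })
        elif on_listed_host(host):
            findings.append({"kind": "sharing_or_form_host", "host": host})
    return findings


# Constructed sample message; the example.* hosts and client_id are made up.
SAMPLE = """Your colleague shared a file: https://sway.office.com/AbCdEf123.
Sign in to view: https://login.example.com/oauth2/authorize?client_id=11111111-aaaa&response_type=code&scope=Mail.Read+offline_access&redirect_uri=https%3A%2F%2Fapp.example.net%2Fcb
Newsletter: https://www.example.org/news"""

if __name__ == "__main__":
    for finding in triage_links(SAMPLE):
        print(finding)
```

Because the listed hosts are legitimate and widely used, a `sharing_or_form_host` finding is a signal to weigh together with sender and context, not a verdict on its own.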

Mitigation
While such attacks cannot be eliminated easily, business organisations can establish strategies that use artificial intelligence to detect and block attacks, such as account takeover and domain impersonation. They must also have a solution in place that uses machine learning to analyse normal communication patterns within the organisation, instead of relying solely on looking for malicious links or attachments. They must also enable multi-factor authentication and two-step verification for online accounts, which provide an additional layer of security beyond username and password, such as an authentication code, thumbprint, or retinal scan. Organisations must track IPs that exhibit other suspicious behaviours, including failed logins and access from suspicious devices.
