Remote workers have been targeted by up to 65,00 Google-branded impersonation attacks, according to a new study from cybersecurity specialist Barracuda Networks. This type of scam, called “spear phishing,” uses branded sites to trick victims into sharing their login credentials.
Barracuda detected nearly 100,000 form-based attacks between January 01 and April 30. Google file-sharing and storage websites were used in 65% of those attacks, Barracuda said. Microsoft brands were targeted in 13% of attacks.
Google brand-impersonation attacks accounted for 4% of all spear phishing attacks in the first four months of 2020, and Barracuda said it expects that number to climb as cyber criminals have success in stealing credentials.
“Brand-impersonation spear phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” said Steve Peake, UK systems engineer for Barracuda Networks. “The sophistication of these attacks has accelerated in recent times; now, hackers can even create an online phishing form or page using the guise of legitimate services… to trick unsuspecting users.”
Peake recommended that users implement multi-factor authentication steps on all login pages “so that hackers will require more than just a password to gain access to your data.” He also recommended other methods of protection, including API-based inbox defense, which uses artificial intelligence to detect and thwart cyberattacks.