IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Brand-impersonation and form-based attacks are rising

Google sites alone accounted for 65% of all form-based attacks between January and April

Hacking on keyboard

Brand-impersonation attacks using Googlebrandforms to dupe victims into sharing login credentials are reportedly on the rise.

Barracuda researchers have observed steady detections of spear-phishing campaigns throughout the first part of 2020, and form-based attacks made up 4% of them between January and April. Barracuda expects the number of these attacks to rise too. 

In these form-based attacks, scammers are using file and content sharing, and sites like Google Drive and sway.office.com to trick victims into handing over their login credentials. Users typically receive a phishing email containing a link to one of these websites, making this hacking technique difficult to detect for some. 

Of the nearly 100,000 form-based attacks detected by Barracuda between Jan. 1, 2020 and April 30, 2020, threat actors used Google file sharing and storage websites in 65% of their attacks. According to Barracuda, that number includes storage.googleapis.com (25%), docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%). 

In comparison, Microsoft brands were used in 13% of attacks. Other brands used include sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%).

According to Barracuda, the three most common tactics used in these form-based and brand-impersonation attacks include:

  • Using legitimate sites as intermediaries: By impersonating emails from sites like OneDrive, attackers can lead unsuspecting victims to phishing sites via a legitimate file-sharing site. “The attacker sends an email with a link that leads to a file stored on a site like sway.office.com, for example. The file contains a picture with a link to a phishing site asking for credentials to login,” says Barracuda. 
  • Crafting online forms geared towards phishing: Attackers create and send an online form that resembles a login page of a legitimate service but is ultimately designed to harvest a user’s credentials.
  • Gaining access to accounts without passwords: In this attack, a hacker sends a phishing email containing a link to what appears to be a legitimate login page. This link also contains a request for an app access token. After a user enters their credentials, they are presented a list of app permissions to accept. By accepting these permissions, users give up their password information while also granting the attacker’s app an access token that allows them to use a user’s login credentials. 

Fortunately, there are ways users can protect themselves from these brand-impersonation attacks. By using an API-based inbox defense tool, users can prevent phishing emails from entering their inboxes. 

Tools such as multi-factor authentication can also protect user accounts from attackers. And as always, keeping up to date on the latest phishing attacks is a worthwhile defense too.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Xerox CEO John Visentin dies unexpectedly aged 59
Careers & training

Xerox CEO John Visentin dies unexpectedly aged 59

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022