New Phishing Campaign Abuses Cloud Services

Thursday, August 20, 2020

A new phishing campaign uses several legitimate enterprise cloud services as part of an attempt to steal login credentials.

This new phishing campaign pretends to come from a help desk named “” that mimics similar wording used by real IT helpdesk domains. Using three well-known enterprise solutions like IBM Cloud hosting, Microsoft Azure and Microsoft Dynamics to host the phishing landing pages adds legitimacy to the threat. Increasing cases of phishing campaigns abusing legitimate cloud solutions are on the rise and they add legitimacy to the phishing attacks. The increased complexity allows attackers to potentially bypass spam filters and security products.

Organizations can take several measures to better protect their remote workforce from such attacks by educating them to spot phishing tactics, requiring the use of publisher-verified apps and only allowing employees to OAuth apps trusted by the organization or provided by verified publishers.

At the end of the day, however, the best defense is to raise the awareness of phishing attacks among all individuals. The end user is the best and last line of defense of our networks and data and prevention of confidential data breach/loss. STOP! THINK! CONNECT!