Cloud collaboration platforms exploited in phishing attacks

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Because these are all trusted domains, commonly used both by the public and with internal documents at companies, many secure email gateways (SEGs) automatically allow links to them to enter user email inboxes. Some services also send automatic notifications to users when a document is shared, making the phishing attempts appear legitimate.

The researchers also note that some services, like DocuSign, have features that unwittingly benefit attackers, such as link expiration mechanisms that get in the way of post-attack investigations.

Dropbox is the service most targeted by these attacks, making up 25.5 percent of all abused online document-hosting services. Adobe and SharePoint are next, each accounting for 17 percent of abused hosting services. DocuSign is a close third with just over 16 percent, while Google Docs makes up 11 percent. Zoho only accounts for four percent, though the service saw a major spike in attacks in December of last year.

You can read more on the Cofense blog.

Image credit: Teerasan/depositphotos.com