Cybercriminals recently launched a Google Drive-based credential phishing campaign against an energy company, according to phishing awareness training provider Cofense. By leveraging Google Drive, the phishing attack bypassed the email security stack and reached end users.
During the phishing campaign, hackers sent an email to energy company employees via Google Drive, Cofense said. The email appeared to be sent on behalf of the company's CEO but came from an email address that did not fall within the business' typical email naming convention. Also, the hyperlink within the email body linked to an actual Google Drive share; this ensured the email was marked as "non-malicious" by email security tools.
Once a user accessed the document on Google Drive, he or she was presented with an explanation of a public business decision and asked to view the related document via another hyperlink, Cofense noted. If the user then opened the hyperlink inside the Google Drive document, he or she was redirected to a fake login page. And if the user entered his or her credentials, the credentials were exfiltrated back to the threat actor for use at a later time.
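The indicators Cofense describes above (an executive's display name on a sender address outside the company's naming convention, combined with a link to a genuine Google Drive share that URL-reputation checks will not flag) can be triaged at the mail gateway. The following is an added example, not code from Cofense or the affected company; the corporate domain, executive name and sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample values (assumptions, not from the report): the protected
# organisation's mail domain and the executives whose names get impersonated.
CORPORATE_DOMAINS = {"example-energy.com"}
EXECUTIVE_NAMES = {"jane doe"}
# Legitimate file-sharing hosts that reputation-based filters treat as benign.
CLOUD_SHARE_RE = re.compile(r"https?://(?:drive|docs)\.google\.com/\S+", re.I)


def triage(raw_message: str) -> list[str]:
    """Return the suspicious traits found in one RFC 5322 message.

    Each trait alone is harmless; an executive's display name on an external
    address *together with* a cloud-share link is the pattern this campaign
    used to get past URL reputation checks, so that combination is held.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    body = msg.get_payload() if not msg.is_multipart() else ""
    traits = []
    if display_name.strip().lower() in EXECUTIVE_NAMES and domain not in CORPORATE_DOMAINS:
        traits.append(f"executive display name '{display_name}' from external domain '{domain}'")
    links = CLOUD_SHARE_RE.findall(body)
    if links:
        traits.append(f"{len(links)} cloud-share link(s) in body")
    return traits


def should_hold(raw_message: str) -> bool:
    """Hold for analyst review only when both traits co-occur."""
    return len(triage(raw_message)) == 2


# Constructed sample: CEO display name on an external address plus a Drive link.
SUSPECT = """From: Jane Doe <jane.doe.ceo@gmail.example>
To: staff@example-energy.com
Subject: Board decision - please review

Please read the briefing: https://drive.google.com/file/d/CONSTRUCTED_ID/view
"""

# Constructed sample: genuine internal share sent from the corporate domain.
BENIGN = """From: Jane Doe <jane.doe@example-energy.com>
To: staff@example-energy.com
Subject: Q3 planning

Slides: https://drive.google.com/file/d/CONSTRUCTED_ID2/view
"""
```

Because the Drive link itself is legitimate, the decision rests on the sender identity mismatch rather than on URL reputation, which is exactly the check the email security stack in this campaign did not make.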
How to Guard Against Phishing Attacks
Phishing attacks are major threats to organizations across all industries, but tools are available to guard against these attacks.
Ironscales, an automated phishing prevention, detection and response platform provider, and MSSP BDO Managed Detection and Response (MDR) in May partnered to launch a managed phishing detection and response (MP-DR) solution. Organizations can use the Ironscales-BDO MDR joint solution to protect against phishing, malware and business email compromise (BEC) attacks.
Furthermore, security awareness training provider KnowBe4 in April released Phishing Reply Test (PRT), a web-based tool that helps organizations determine if their employees will respond to phishing emails. PRT tests employees on common scenarios for targeted phishing attacks and allows an organization to select and send an email template to employees and phish for responses.