When it comes to file sharing, today we have a wide variety of options such as Box, Dropbox, Google Drive, Microsoft One Drive, We Transfer, and many more. These services enable us to share big files with ease, as well as store them in the cloud, sync them across numerous devices, and collaborate on them with others.
When we receive an attachment on one of these platforms from a friend, colleague, or client, we’re much more likely to click it versus opening a file from someone we don’t know. Of course, cybercriminals know this, so now they’re launching phishing attacks to people using a spoofed, compromised, or hijacked account. Here’s how these attacks work—and some of the ways you can protect yourself and your organization.
Phishing Attacks on File Sharing Sites
To launch phishing attacks through a file sharing site, cybercriminals first need to take over an email account. To get the credentials they need to do this, they generally use other forms of phishing, such as impersonating an Office 365, G-Suite or other popular web services sign-in page.
Once a victim has entered their credentials, the cybercriminal is free to use the account to send emails to other people—sometimes hundreds of them The messages are usually just a brief line of text followed by a link to a shared document. While most people today know not to click on a link from a stranger, the email is coming from a recognized individual’s account, upping the trust factor considerably. When the link is clicked, victims are generally be taken to a spoofed domain page, giving the cybercriminals yet another set of credentials to abuse.
This file sharing scam can quickly snowball, with more and more recipients becoming victims of the phishing scam.
The Google Doc File Sharing Phishing Scam
In 2017, a nasty phishing scam that impersonated a Google Docs request was making the rounds and over one million email accounts were targeted. Users received an email that looked like it was sent from one of their contacts. The message inside stated the email recipient was added to Google Docs. When the link to the site was clicked, a Google login screen appeared.
If the user entered their username and password, a malicious program would start granting permission to access the user’s email and contacts. While Google was eventually able to neutralize the phish, and put an abuse team in place to prevent it from spreading, it’s really only a matter of time before this happens again.
"The importance of this phish is not how it spread, but rather how it didn’t use malware or fake websites tricking users to give up their passwords," Aaron Higbee, who analyzed data from the fake Google Docs campaign, told Wired. "This phish worked because it tricked the user into granting permissions to a third-party application. This is the future of phishing."
Protecting Yourself from File Sharing Phishing Attacks
When hackers are able to access email accounts within a company, these credentials can be sold on the black market. The more reputable the domain, the more money they can make; buyers will often use the compromised account to launch spear phishing attacks with the goal of tricking recipients into sending funds, usually in the form of a wire transfer or gift cards.
Info Security Magazine recently revealed that the average cost of a spear phishing attack is $1.6 million dollars! With so much money to be made, file sharing phishing scams are not going away any time soon. While most file-sharing platforms do their best to protect against file sharing phishing scams, cybercriminals will always find a vulnerability and exploit it for financial gain.
Google, Dropbox, and others offer tips for their individual platforms on safety pages, but education is key. Employees at every level need to be trained and tested to increase their security awareness. Of course, relying on a human firewall is bound to backfire at some point, as all people are fallible, especially when they’re receiving possibly hundreds of emails per day.
The best defense against file sharing phishing scams is to use an anti-phishing software such as Clearedin. Working in the background, Clearedin assesses emails to determine whether or not they pose a phishing threat and checks links embedded within emails and analyzes email addresses for spoofing attempts. Suspicious emails are flagged so users immediately are aware of the risk, and the emails are temporarily locked so that users can’t click on links, download attachments, or reply to or forward the emails. Clearedin seamlessly integrates with Office 365, G Suite, and Slack helping to put an end to file sharing phishing attacks for good.