Hackers attacked Indian firms on average 2,444 times per week in last 6 months: Report
According to the cyber security platform provider Check Point Software, at present, over 90 per cent of attacks on companies originate from malicious emails.
Cyber-security researchers on Monday said they have discovered several freemium software-as-a-service (SaaS) platforms that scammers abuse to conduct phishing campaigns against popular companies.
Cyber-security researchers on Monday said they have discovered several freemium software-as-a-service (SaaS) platforms that scammers abuse to conduct phishing campaigns against popular companies.
Most of these campaigns targeted Indian banking, financial services, and insurance (BFSI) customers.
Advertisement
Threat actors have resorted to using legitimate SaaS platforms to host phishing pages at a minimal/no cost. These short-lived and easy-to-host phishing pages are also difficult to trace back to the actors responsible, according to cyber-security firm CloudSEK.
Advertisement
SaaS products and services usually offer free or low-cost trials.
While this has allowed users across the world to try out services before subscribing or buying the products, it also provides an opportunity for threat actors to pose as legitimate users and misuse the products to defraud consumers.
The CloudSEK team identified several such incidents, especially targeting banking customers, and released advisories to inform the affected SaaS companies and the public.
Scammers were able to evade detection by cleverly exploiting the following user-friendly services provided by each of these platforms.
“Cybercriminals always try to use free services for phishing campaigns to maximize their profits. Developer-focused platforms like Cloudflare Pages and Firebase Hosting provide certain features such as GitHub integration, which are easily abused to create phishing domains,” the researchers noted.
Advertisement