Google and Microsoft are the most impersonated brands in cyber attacks, according to research by Barracuda Networks.
Google file sharing and storage websites were used in 65% of the
100,000 form-based attacks detected by Barracuda in the first four months of this year.
The fraudulent domains included storage.googleapis.com (25%), docs.google.com (23%),
storage.cloud.google.com (13%), and drive.google.com (4%).
Microsoft brands were utilized in 13% of the detected attacks. The frauds included onedrive.live.com (6%), sway.office.com (4%), and
forms.office.com (3%).
The other impersonated brands included sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%).
All other sites constituted 6% of form-based
attacks.
There were 28,275 form-based attacks in January, 18,376 in February, 27,373 in March an 24,508 in April, according to Barracuda.
Cyber criminals rely on three main
tactics in form-based attacks:
- Using legitimate sites as intermediaries.
- Creating online forms for phishing.
- Getting access to accounts with passwords.
Barracuda advises firms to protect themselves with API-based inbox defense, multi-factor authentication and security education.