• by Ray Schultz , May 28, 2020

Google and Microsoft are the most impersonated brands in cyber attacks, according to research by Barracuda Networks. 

Google file sharing and storage websites were used in 65% of the 100,000 form-based attacks detected by Barracuda in the first four months of this year.

The fraudulent domains included storage.googleapis.com (25%), docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%).

Microsoft brands were utilized in 13% of the detected attacks. The frauds included onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).

The other impersonated brands included sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%). 

All other sites constituted 6% of form-based attacks.

There were 28,275 form-based attacks in January, 18,376 in February, 27,373 in March an 24,508 in April, according to Barracuda. 

Cyber criminals rely on three main tactics in form-based attacks: 

1. Using legitimate sites as intermediaries.
2. Creating online forms for phishing.
3. Getting access to accounts with passwords.

Barracuda advises firms to protect themselves with  API-based inbox defense, multi-factor authentication and security education.