Hackers Using Fake Emails from Trusted Tools to Steal Small Business Credentials
Small businesses beware! Cybercriminals are impersonating Google Docs, Microsoft Outlook and other trusted services to trick you into giving up your logins.
Latest Phishing Emails
The latest Barracuda Threat Spotlight details how the criminals use the stolen credentials for fraud or specific spear phishing campaigns that further attack the targeted business. And they’re using the tools that small businesses use every day so you’ve got to be on your toes and aware of all the links you’re clicking.
What They’re About
The spoof emails using popular web services as bait are particularly cunning. There’s no malicious attachment to tip users off and the links are unique so they’ve never been put on any blacklists.
Even common email security systems can be fooled because some of the links go to credible small business websites.
How They Work
Once on the fake sign in page, victims unwittingly provide their username and password. The criminal then remotely logs into an Office 365 or other email accounts and launches these spear phishing attacks.
The attackers also send emails to other employees in the same business or people outside the organization in the hopes of getting them to transfer money to a fraudulent account.
What Small Businesses Can Do
The best bet to stop this evolving type of attack is artificial intelligence that includes real-time spear phishing protection.
Along with regular staff training about any new threats, products incorporating AI can detect and quarantine malicious emails.
Products like Barracuda Sentinel use signals in the email metadata and body to separate normal emails from popular web services from malicious ones.
Photo via Shutterstock
This article, “Hackers Using Fake Emails from Trusted Tools to Steal Small Business Credentials” was first published on Small Business Trends