CYBER NEWS

Fake Google and Microsoft Sites Lure in Remote Company Employees

Compute hackers are utilizing a new malicious tactic attempting to trick end user into falling victim to dangerous attack. This time the campaign is set on remote workers that work for well-known companies. The criminals are creating fake and fraud sites of landing pages and login prompts of Google and Microsoft.




Hackers Impersonate Sites and Tools Used by Google and Microsoft Remote Workers

The COVID-19 pandemic is used as one of the key factors by the criminals as the company employees usually work remotely. By logging in to the fake landing pages they are led to believe that they are accessing internal networks and tools. Following the ongoing COVID-19 pandemic computer criminals are actively trying to find new tactics and strategies in order to hack into their prescribed targets. The majority of attacks are done by creating form-based pages which are created by the malicious group. This can be used in several phishing strategies including the following:

  • Malware Files Distribution — Through fake forms the hackers can distribute dangerous malware such as Trojan horse infections which are used to take over control of the victim machines. Alternative uses for them include files theft and constant surveillance.
  • Landing Pages — The hackers can impersonate login prompts and internal company landing pages which can be hosted on similar sounding domain names. A lot of the attempts are made by people who know how the legitimate services are designed and have created almost exact copies which include malicious links and content.
  • Fraud Redirects — The criminals can create dangerous redirects which can redirect the users to a hacker-controlled page from where they can be scammed into entering personal or account data.
Related:
A new Confiant report explores "the details behind a recent spree of website hacks" as well as the malicious payloads delivered to victims.
The State of Malvertising and Drive-By Downloads in 2020

The latest large-scale attack occurred between January and April 2020 and the majority of them targeted well-known services such as OneDrive, Office Online and Mailchimp among others. The reason for choosing Google and Microsoft services is because they are well-known and widely used by remote workers. Most of them are free and easy to use thereby being used by a lot of people around the world.

Avatar

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...