Compute hackers are utilizing a new malicious tactic attempting to trick end user into falling victim to dangerous attack. This time the campaign is set on remote workers that work for well-known companies. The criminals are creating fake and fraud sites of landing pages and login prompts of Google and Microsoft.
Hackers Impersonate Sites and Tools Used by Google and Microsoft Remote Workers
The COVID-19 pandemic is used as one of the key factors by the criminals as the company employees usually work remotely. By logging in to the fake landing pages they are led to believe that they are accessing internal networks and tools. Following the ongoing COVID-19 pandemic computer criminals are actively trying to find new tactics and strategies in order to hack into their prescribed targets. The majority of attacks are done by creating form-based pages which are created by the malicious group. This can be used in several phishing strategies including the following:
- Malware Files Distribution — Through fake forms the hackers can distribute dangerous malware such as Trojan horse infections which are used to take over control of the victim machines. Alternative uses for them include files theft and constant surveillance.
- Landing Pages — The hackers can impersonate login prompts and internal company landing pages which can be hosted on similar sounding domain names. A lot of the attempts are made by people who know how the legitimate services are designed and have created almost exact copies which include malicious links and content.
- Fraud Redirects — The criminals can create dangerous redirects which can redirect the users to a hacker-controlled page from where they can be scammed into entering personal or account data.
The latest large-scale attack occurred between January and April 2020 and the majority of them targeted well-known services such as OneDrive, Office Online and Mailchimp among others. The reason for choosing Google and Microsoft services is because they are well-known and widely used by remote workers. Most of them are free and easy to use thereby being used by a lot of people around the world.