Criminals exploiting trusted brands in phishing attacks


By Dylan Bushell-Embling
Friday, 12 May, 2023

Criminals exploiting trusted brands in phishing attacks

Cybercriminals are increasingly exploiting trust in established technology brands including Microsoft and Adobe to target victims with phishing and smishing (SMS phishing) campaigns, according to Avast’s Threat Report for Q1 of 2023.

The report identified a 40% increase in the share of phishing and smishing attacks over the past year, including a rise in refund and invoice scams, involving criminals sending fake bills for invoices or goods that were never ordered or received.

This quarter’s report identified an increase in the abuse by cybercrooks of two popular applications commonly used for work: Microsoft OneNote and Adobe Acrobat Sign.

For example, scammers are sending out Microsoft OneNote files as email attachments to victims that trigger the download of malware when opened by victims, the report states.

Other cases involved cybercriminals exploiting Adobe Acrobat Sign by adding malicious links into documents that are sent from legitimate Adobe email addresses.

According to the report, two in three threats encountered online today use social engineering techniques in attempts to steal sensitive data like passwords, tax file numbers and other personally identifiable information.

If this sensitive data falls into the wrong hands, it can lead to serious adverse consequences ranging from scammers selling information on the dark web to impersonating victims to pass background checks, Avast Malware Research Director Jakub Kroustek said.

“If you think your data has no value then why would scammers spend so much time trying to steal your data if it’s worthless? The truth is that anyone can be affected, and it is important to stay vigilant and use proper protection,” he said.

“Unfortunately, scammers have made it nearly impossible to take any message at face value — all communications, whether seemingly from a friend, boss or household brand, have potential to be fraudulent.”

Image credit: iStock.com/adventtr

Related News

Tenable launches autonomous patch management tool

The new Tenable Patch Management add-on allows teams to prioritise and even automate the...

Veeam launches updated Veeam Data Platform

The newest release of the Veeam Data Platform introduces capabilities such as a recon scanner for...

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd