Cybercriminals Exploit Trusted Content Creation Platforms for Phishing Attacks, Reports Barracuda

New research reveals a shift in cybercriminal strategies, with a focus on exploiting widely trusted online platforms to conduct phishing attacks and bypass detection.

Singapore, September 17, 2024 – Cybercriminals are increasingly targeting popular content creation and collaboration platforms, commonly used by educational institutions, designers, and businesses, to orchestrate sophisticated phishing attacks, as outlined in new research by Barracuda Networks.

The research highlights how these platforms, which attract millions of users globally, are being misused to embed phishing links within emails disguised as legitimate posts, designs, or documents. Once clicked, these links redirect victims to fraudulent login pages or deceptive websites, aiming to steal sensitive data such as login credentials and personal information.

The surge in the use of content creation platforms is evident in Singapore and the broader Asia-Pacific (APAC) region, where the growing demand for digital engagement and creative outlets is on the rise. In Singapore, over 85% of the population now actively participates in content creation and sharing activities, making these platforms indispensable.

Saravanan Govindarajan, Manager of Threat Analysis at Barracuda, stated, “The rise in phishing attacks exploiting trusted content creation and collaboration platforms signifies a shift in cybercriminal behaviour, as they increasingly misuse reputable online communities to evade detection and prey on the trust users place in these platforms. It is crucial for individuals and organisations in Singapore, and across the Asia-Pacific, to stay alert and implement strong security protocols capable of identifying and adapting to emerging threats.”

This research forms part of Barracuda’s ongoing analysis of email-based threats, highlighting how cybercriminals are continually refining their tactics to improve their success rates and avoid detection by advanced security systems.

Examples of these evolving tactics include leveraging QR codes, popular webmail platforms, and URL shorteners, as well as sophisticated infostealers designed to exfiltrate vast amounts of data.

To mitigate these risks, Barracuda advises users to exercise caution when clicking on links from unsolicited emails or unfamiliar senders. Potential warning signs include suspicious calls to action or unexpected landing pages, such as being asked to input Microsoft login credentials on non-Microsoft services. Employing email protection solutions that incorporate multilayered, AI-driven detection capabilities can further help to prevent these phishing attempts from reaching inboxes.