Whitelisted Website Links New Attack Vector for Cybercriminals
People have been using disguises for centuries to commit crimes. Cybercriminals are not wearing masks to infiltrate your system; instead, they’re using links from trusted websites to do the dirty work for them.
Lots of antimalware programs like Norton will identify odd-looking links and files and block them from ever getting into your inbox, eliminating the threat of clicking on something you should not. But as they constantly do, hackers think of new ways to outsmart the system, outthink the machine, and prey on people’s natural blind spots when it comes to trusting things that look real.
The most prominent examples of this style of attack are malicious links from the likes of iCloud, Dropbox, Google Drive, and OneDrive. Because so many people associate these services with legitimate personal or business purposes, they don’t think twice about clicking a link to one of them. The same thing happens with antimalware and other security systems. They whitelist links from these sites, meaning the links are pre-approved as safe to enter your inbox. When hackers can rig the links so that they contain or lead to malware, they can prey on your trust and on your system’s.
Breaking Down the Attack
Creating a fake link takes a few steps. First, the hacker creates the malicious document and uploads it to a cloud storage account as either a raw or zipped file. Then they share it through email or some other channel, with a name and subject line that make it sound legitimate to potential victims. It might arrive in your inbox titled as an invitation to a Zoom call, an invoice, a file to view, a statement of work, or a contract. The hacker will tailor the email to the individual’s job title and/or responsibilities in an attempt to get them to click without giving it a second thought. Once the link is clicked, the user is taken to a fake website that emulates the real one and asks for their username and password, as many sites do when you sign in from a different source. Once those credentials are entered, the program sends them to the hacker, who now has your credentials for that particular site. Other variations steal your credentials and inject spyware into your computer at the same time, to follow what you do and find other things to swipe from your system.
Keeping Yourself Safe
Regardless of how legitimate a link looks, if you don’t have the email’s sender in your address book, you seriously need to think twice about even opening it, much less clicking the link inside. Hackers will mask their own identities with covers like “Accounting Department” or “Zoom Invite” to lure people into clicking messages because they seem realistic. If you get all the way to the part where you log in with your own credentials and things do not seem right, open another browser and log in there to your OneDrive or other account, then refresh the page where it’s asking for your information. If it’s legitimate, it will load automatically. If it’s not, it won’t.
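The address-book advice above can also be applied by a mail filter instead of whitelisting file-sharing links outright. The sketch below is an added example, not code from the original article: the host list, the verdict names, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed, illustrative host list for the services the article names.
SHARE_HOSTS = {"icloud.com", "dropbox.com", "drive.google.com",
               "onedrive.live.com", "1drv.ms"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def is_share_host(host):
    """True only for a listed host or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in SHARE_HOSTS)

def body_text(msg):
    """Concatenate the decoded text parts of a message."""
    out = []
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def review_message(raw, address_book):
    """Return (verdict, share_links). A trusted host alone never earns a pass."""
    msg = message_from_string(raw)
    _display, addr = parseaddr(msg.get("From", ""))  # display name is ignored
    known = addr.lower() in {a.lower() for a in address_book}
    links = [u for u in URL_RE.findall(body_text(msg))
             if is_share_host(urlsplit(u).hostname)]
    return ("hold" if links and not known else "deliver"), links

# Constructed sample data (not from the article).
ADDRESS_BOOK = {"pat@partner.example"}
UNKNOWN_SENDER = (
    "From: Accounting Department <billing@unknown.example>\n"
    "Subject: Invoice\n\n"
    "Your invoice: https://www.dropbox.com/s/EXAMPLE/invoice.zip\n")
KNOWN_SENDER = UNKNOWN_SENDER.replace("billing@unknown.example", "pat@partner.example")

if __name__ == "__main__":
    print(review_message(UNKNOWN_SENDER, ADDRESS_BOOK))
    print(review_message(KNOWN_SENDER, ADDRESS_BOOK))
```

The check keys on the sender's address rather than the display name, since a label such as “Accounting Department” is chosen by whoever sends the message.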