Criminals exploiting trusted brands in phishing attacks

Cybercriminals are increasingly exploiting trust in established technology brands including Microsoft and Adobe to target victims with phishing and smishing (SMS phishing) campaigns, according to Avast’s Threat Report for Q1 of 2023.

The report identified a 40% increase in the share of phishing and smishing attacks over the past year, including a rise in refund and invoice scams, involving criminals sending fake bills for invoices or goods that were never ordered or received.

This quarter’s report identified an increase in the abuse by cybercrooks of two popular applications commonly used for work: Microsoft OneNote and Adobe Acrobat Sign.

For example, scammers are sending out Microsoft OneNote files as email attachments to victims that trigger the download of malware when opened by victims, the report states.

Other cases involved cybercriminals exploiting Adobe Acrobat Sign by adding malicious links into documents that are sent from legitimate Adobe email addresses.

According to the report, two in three threats encountered online today use social engineering techniques in attempts to steal sensitive data like passwords, tax file numbers and other personally identifiable information.

If this sensitive data falls into the wrong hands, it can lead to serious adverse consequences ranging from scammers selling information on the dark web to impersonating victims to pass background checks, Avast Malware Research Director Jakub Kroustek said.

“If you think your data has no value then why would scammers spend so much time trying to steal your data if it’s worthless? The truth is that anyone can be affected, and it is important to stay vigilant and use proper protection,” he said.

“Unfortunately, scammers have made it nearly impossible to take any message at face value — all communications, whether seemingly from a friend, boss or household brand, have potential to be fraudulent.”

Image credit: iStock.com/adventtr