Surge in File-Sharing Phishing Attacks: How Businesses Can Protect Themselves

Phishing attacks have evolved significantly, with a 350% year-over-year increase in file-sharing phishing incidents according to a new report from Abnormal Security. These attacks exploit legitimate business tools, making them difficult to detect. Cybercriminals use platforms like Dropbox and DocuSign to send emails that appear genuine, tricking employees into revealing sensitive information or downloading malware.

Business Email Compromise (BEC) and Vendor Email Compromise (VEC)

BEC and VEC attacks remain persistent threats, growing by over 50% between H2 2023 and H1 2024. These attacks use social engineering to bypass traditional security measures, posing significant risks to businesses.

File-Sharing Phishing Attacks

File-sharing phishing attacks are particularly malicious because they mimic common business practices. Attackers impersonate trusted contacts or services, sending emails that appear to contain shared files. Once the recipient clicks the link, they may be prompted to enter credentials or download malware. Using legitimate platforms for these attacks increases their credibility and success rate.

Techniques and Tactics

• Impersonation and Social Engineering: Attackers use generative AI tools to craft emails with perfect grammar and syntax, making them indistinguishable from legitimate messages.
• Use of Legitimate Platforms: By leveraging platforms that offer free registration, attackers can send emails that appear authentic, further complicating detection.
• Evasive Techniques: Cybercriminals use URL shorteners and open redirect vulnerabilities to mask malicious links, making them harder to detect by traditional security solutions.

Impact on Businesses

The rise of remote and hybrid work environments has increased the use of file-sharing services, providing more opportunities for attackers. The volume of these attacks is expected to continue growing as cybercriminals capitalize on these changes in work habits.

Businesses need to adopt advanced cybersecurity solutions to protect against these sophisticated threats. Yeo & Yeo Technology can help by providing comprehensive cybersecurity services tailored to your organization’s needs. Our solutions are designed to detect and mitigate the latest phishing threats, ensuring your business remains secure in an increasingly digital world.

Information used in this article was provided by our partners at KnowBe4.