Phishing in the Clouds

Again on Phishing, this time with a new twist.

We all know and by now use complex SaaS Cloud services, such as Microsoft’s Office 365, Google’s G Suite, Amazon’s services and so on. They are all very modular, meaning that there are multiple data storage services and multiple application services to choose from and use. Often a user must authorise a Cloud App to access her/his own data, and the App can also be by an external provider (a “partner” of the service). The authorisation is usually implemented with OAuth which, in a few words, is a secure delegated-access protocol based on the exchange of cryptographic keys.

So what is the scam? Simple: you receive an email which looks as if it comes from [name your Cloud provider here] and asks you to authorise an App (which looks authentic) to access your data. You do not need to enter any password, since you are already logged in to your Cloud service platform, but just to click on the button, and that’s it!

You have given access to all your Cloud data and services to a fraudster, who can get your data and act as you!

For more details read for example this article by ArsTechnica.
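To make the mechanism concrete, here is an added example (not from the article or from any Cloud provider) of the check a mail-security or identity team can run on the authorisation link inside such an email: the provider’s login host is genuine, so only the requesting app, its redirect target and the scopes it asks for tell the consent request apart from a legitimate one. The allowlists, client IDs and URLs are constructed placeholders.

```python
from urllib.parse import urlparse, parse_qs

# Constructed allowlists for this example; a real deployment would load the
# tenant's approved app registrations instead of these placeholders.
TRUSTED_AUTHZ_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}
APPROVED_CLIENT_IDS = {"00000000-0000-0000-0000-00000000aaaa"}  # placeholder
APPROVED_REDIRECT_HOSTS = {"app.example-partner.com"}            # placeholder
# Scopes that let an app read or change mail and files, or keep access after
# the user's session ends. Compared case-insensitively.
HIGH_RISK_SCOPES = {
    "mail.read", "mail.readwrite", "mail.send", "files.read.all",
    "files.readwrite.all", "offline_access", "https://mail.google.com/",
}

# Constructed sample links: a consent-phishing request on the real provider
# host, and a benign request from an approved partner app.
PHISHING_CONSENT_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=deadbeef-0000-0000-0000-000000000000"
    "&redirect_uri=https%3A%2F%2Fconsent-collector.example%2Fcb"
    "&scope=openid+Mail.ReadWrite+Files.ReadWrite.All+offline_access"
    "&response_type=code"
)
BENIGN_CONSENT_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-00000000aaaa"
    "&redirect_uri=https%3A%2F%2Fapp.example-partner.com%2Fcb"
    "&scope=openid+User.Read&response_type=code"
)


def review_consent_url(url: str) -> list:
    """Return a list of findings for an OAuth authorization request URL.
    An empty list means nothing suspicious was seen."""
    findings = []
    parsed = urlparse(url)
    params = parse_qs(parsed.query)

    def first(key):  # first value of a query parameter, "" if absent
        return params.get(key, [""])[0]

    if parsed.scheme != "https" or (parsed.hostname or "") not in TRUSTED_AUTHZ_HOSTS:
        findings.append("authorization endpoint is not a trusted provider")
    client_id = first("client_id")
    if client_id not in APPROVED_CLIENT_IDS:
        findings.append(f"unknown client_id {client_id!r}")
    redirect_host = urlparse(first("redirect_uri")).hostname or ""
    if redirect_host not in APPROVED_REDIRECT_HOSTS:
        findings.append(f"redirect_uri host {redirect_host!r} not approved")
    # scope is space-separated; parse_qs has already decoded '+' and '%20'.
    scopes = {s.lower() for s in first("scope").split()}
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("high-risk scopes requested: " + ", ".join(risky))
    return findings
```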

Record High Number of Phishing Attacks in Q1 2016

From the APWG press release: “The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history” (here is the full report).

This is hardly surprising, but it puts numbers on the latest news about online frauds, such as the “CEO Fraud”, the “Business Email Compromise” (e.g. see this FBI announcement), etc.