According to the analysis, a number of Google-branded sites, such as storage.googleapis.com, docs.google.com, storage.cloud.google.com and drive.google.com, were used to try and trick victims into sharing login credentials. Google-branded attacks were far in excess of those impersonating Microsoft, with the sites onedrive.live.com, sway.office.com and forms.office.com making up 13% of attacks.

Other form-based sites used by attackers included sendgrid.net (10%), mailchimp.com (4%) and formcrafts.com (2%).

Overall, the use of the Google brand by cyber-criminals to trick users appears to be increasing: Barracuda Networks observed Google-brand impersonation attacks represented 4% of all spear-phishing attacks during the first four months of 2020. This figure is expected to rise, as it has proved to be successful in the harvesting of credentials.

Steve Peake, UK systems engineer manager, Barracuda Networks, outlined: “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber-criminals are taking the opportunity to flood people’s inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.”

There has been a substantial rise in phishing attacks recently as a result of the increase in people working from home during the COVID-19 pandemic, with security systems and practices difficult to maintain for many businesses in these circumstances.

Barracuda Networks added that security methods such as multi-factor identification and email security software are especially vital for organizations at this time.

At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.