Hackers Using Fake Emails from Trusted Tools to Steal Small Business Credentials

Latest Phishing Emails: Hackers Using Fake Emails from GSuite, DocuSign to Steal Your Credentials

Small businesses beware! Cybercriminals are impersonating Google Docs, Microsoft Outlook and other trusted services to trick you into giving up your logins.

Latest Phishing Emails

The latest Barracuda Threat Spotlight details how the criminals use the stolen credentials for fraud or specific spear phishing campaigns that further attack the targeted business. And they’re using the tools that small businesses use every day so you’ve got to be on your toes and aware of all the links you’re clicking.

What They’re About

The spoof emails using popular web services as bait are particularly cunning. There’s no malicious attachment to tip users off and the links are unique so they’ve never been put on any blacklists.

Even common email security systems can be fooled because some of the links go to credible small business websites.

How They Work

Once on the fake sign in page, victims unwittingly provide their username and password. The criminal then remotely logs into an Office 365 or other email accounts and launches these spear phishing attacks.

The attackers also send emails to other employees in the same business or people outside the organization in the hopes of getting them to transfer money to a fraudulent account.

What Small Businesses Can Do

The best bet to stop this evolving type of attack is artificial intelligence that includes real-time spear phishing protection.

Along with regular staff training about any new threats, products incorporating AI can detect and quarantine malicious emails.

Products like Barracuda Sentinel use signals in the email metadata and body to separate normal emails from popular web services from malicious ones.

Photo via Shutterstock

More in: 3 Comments ▼

Rob Starr Rob Starr is a staff writer for Small Business Trends. Rob is a freelance journalist and content strategist/manager with three decades of experience in both print and online writing. He currently works in New York City as a copywriter and all across North America for a variety of editing and writing enterprises.

3 Reactions
  1. Never click a link in an email like this. If you truly think there is a problem, then visit the homepage of the service directly and login there. Then see if a notification or message corroborates the email.

  2. We need to be more careful. We have reached the age where people are more desperate and armed with technology.

  3. Spammers are always trying to spoof us and steal our data. We have to be cautious about these type of emails. Unsolicited emails are a big concern for the people. Thanks for sharing these updates.