Cybercriminals Exploit Popular Content Creation Platforms for Phishing Attacks – Barracuda

Cybercriminals are exploiting popular content creation and collaboration platforms widely used by schools, graphic designs and businesses, to launch dangerous phishing attacks, according to new research from Barracuda Networks.

Targeting content creation platforms with millions of users worldwide, the new research reveals how cybercriminals exploit these platforms to send phishing links disguised within emails featuring legitimate-looking posts, designs, and documents.

Unsuspecting victims who click on the links are directed to fraudulent login pages or other deceptive sites intent on stealing sensitive information, such as login credentials and personal data.

Content creation platforms are experiencing a rapid rise in popularity across Singapore and the wider Asia-Pacific (APAC) region, driven by a growing appetite for digital engagement and creative expression. In Singapore, digital platforms that facilitate content creation are becoming essential tools for users, with over 85% of the population engaging in content sharing and creation activities.

Content Creation Platforms Used for Phishing Attacks

“The increase in phishing attacks leveraging trusted content creation and collaboration platforms highlights a shift in cybercriminal tactics towards the misuse of popular, reputable online communities to implement attacks, evade detection and exploit the confidence that people have in such platforms,” said Saravanan Govindarajan, Manager, Threat Analysis at Barracuda. “It is vital for individuals and organisations in Singapore, and the wider Asia-Pacific region to remain vigilant and ensure they have robust security measures in place that can detect and adapt to evolving threats.”

The new research is the latest in a series of recent reports based on Barracuda detection data and threat intelligence, which show how the attackers behind email threats are refining their tools and techniques to increase their chances of success and avoid being spotted and blocked by advanced security tools.

Examples included attackers leveraging QR codes, popular webmail services, URL shorteners, and attacks that attempt to exfiltrate potentially significant volumes of data via sophisticated infostealers.

To stay protected from such threats, Barracuda recommends that email recipients apply caution when invited to click on links in unsolicited emails, or in messages from unknown senders. Other potential red flags include suspicious calls to action, and unexpected or illogical landing sites from links they receive, such as a service that isn’t provided by Microsoft asking for Microsoft logins. Email protection solutions that feature multilayered, AI- and machine-learning-powered detection may also help to prevent these types of attacks from reaching user inboxes.