Top Cloud Services Used for Malicious Website Redirects in SMS Scams

SMS scammers are using cloud storage from Google, Amazon, and IBM to trick you! Find out how they're doing it and how you can defend yourself from these sneaky cloud phishing scams.

The threat intelligence unit at Enea, a software security firm based in Stockholm, Sweden, has uncovered a concerning trend: cybercriminals are exploiting cloud systems to perpetrate SMS scams, including smishing (SMS phishing).

According to the investigation by the company's threat intelligence team, cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage are being exploited to redirect users to malicious websites, stealing their information through SMS.


How Is Cloud Storage Exploited?

Cloud storage allows organizations and individuals to store, access, and manage files, including static websites. However, cybercriminals have exploited this facility to host static websites with spam URLs embedded in their source code.

These URLs are distributed via genuine text messages, bypassing firewall restrictions. Mobile users click on links containing cloud platform domains, which direct them to the static website stored in the storage bucket; that page then automatically forwards or redirects them without their awareness.

The Scam: From SMS to Fake Websites

According to Enea's blog post, which the company shared with Hackread.com ahead of publication on Thursday 23rd, 2024, the attackers prioritize two main goals: delivering scam messages without network firewall detection and convincing end users to perceive the messages or links as trustworthy.

The scam begins with a seemingly harmless text message (SMS). These messages often contain enticing offers or create a sense of urgency, tricking recipients into clicking a link. This link redirects them to a malicious website cleverly disguised as a legitimate one.

As per the research, Google Cloud Storage's domain, "storage.googleapis.com," is used by attackers to link to a static webpage hosted in a bucket on the platform. The spam website is loaded from that webpage using the "HTML meta refresh" method, a technique used in web development to automatically refresh or redirect a web page after a certain time interval.

These fake websites, often hosted on cloud storage buckets with names like "dfa-b.html" on Google Cloud Storage, aim to steal personal and financial information once users enter it. Users are directed to fraudulent websites offering gift cards to trick them into revealing personal and financial information.

These SMS scammers have also been observed using links to static websites hosted on Amazon Web Services (AWS), IBM Cloud, and Backblaze B2 Cloud.

Malicious text messages sent through popular cloud storage services (Screenshot: Enea)

Mitigation Strategies

Detecting and blocking URLs containing genuine Google Cloud Storage domains is challenging due to their association with legitimate domains from reputable companies. To protect yourself from cloud phishing scams, be cautious with suspicious SMS links, check website legitimacy before entering personal information, and enable multi-factor authentication (MFA) to add an extra layer of security.
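
Because the domain alone cannot be blocked, a filter can instead look at what the bucket page does. The following is an added example, not code from Enea's report or the original article: it flags a page served from a storage host whose HTML meta refresh points to a different host. The suffix list beyond storage.googleapis.com, the function names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed watch list: only storage.googleapis.com is named in the article;
# the other suffixes are illustrative entries for the providers it mentions.
STORAGE_SUFFIXES = ("storage.googleapis.com", "amazonaws.com",
                    "backblazeb2.com", "appdomain.cloud")


class _MetaRefresh(HTMLParser):
    """Collects the target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        # The content attribute looks like "0; url=https://host/path".
        _, _, rest = a.get("content", "").partition(";")
        key, _, value = rest.strip().partition("=")
        if key.strip().lower() == "url" and value.strip():
            self.targets.append(value.strip().strip("'\""))


def is_storage_host(host):
    """True if host equals, or is a subdomain of, a watched storage suffix."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in STORAGE_SUFFIXES)


def offsite_refresh_targets(page_url, html):
    """Return meta-refresh targets that leave the storage host, else []."""
    page_host = urlparse(page_url).hostname
    if not is_storage_host(page_host):
        return []
    parser = _MetaRefresh()
    parser.feed(html)
    resolved = [urljoin(page_url, t) for t in parser.targets]
    return [u for u in resolved if urlparse(u).hostname != page_host]


# Constructed sample shaped like the bucket page the article describes.
SAMPLE_URL = "https://storage.googleapis.com/example-bucket/dfa-b.html"
SAMPLE_HTML = ('<html><head><meta http-equiv="refresh" '
               'content="0; URL=\'https://giftcards.example.test/win\'">'
               '</head><body></body></html>')

if __name__ == "__main__":
    print(offsite_refresh_targets(SAMPLE_URL, SAMPLE_HTML))
```

A timed refresh with no URL, or one that stays on the same host, is not reported, so ordinary auto-reloading pages in a bucket do not trigger the check.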
