Darkreading.com reported on Cofense Phishing Defense Center analysis of 31,429 malicious emails between October 2018 and March 2019 and that cybercriminals use “Subtle tactics like changing file types, or using shortened URLs, are giving hackers a hand.” The June 4, 2019 reported entitled “How Today’s Cybercriminals Sneak into Your Inbox” included these comments from Aaron Higbee (Cofense fka PhishMe co-founder and CTO):
We do continue to see them evolve with simple adjustments,
As organizations continue to move to cloud services, we see attackers going after cloud credentials,…
We are also seeing attackers use popular cloud services like SharePoint, OneDrive, Windows.net to host phishing kits.
When the threat actor can obtain credentials, they are able to log into the hosted service as a legitimate user.
Cybercriminal are very smart and understand how to invade inboxes without much trouble!