New Delhi, March 6 (SocialNews.XYZ) Cyber-security researchers on Monday said they have discovered several freemium software-as-a-service (SaaS) platforms that scammers abuse to conduct phishing campaigns against popular companies.
Most of these campaigns targeted Indian banking, financial services, and insurance (BFSI) customers.
Threat actors have resorted to using legitimate SaaS platforms to host phishing pages at a minimal/no cost. These short-lived and easy-to-host phishing pages are also difficult to trace back to the actors responsible, according to cyber-security firm CloudSEK.
SaaS products and services usually offer free or low-cost trials.
While this has allowed users across the world to try out services before subscribing or buying the products, it also provides an opportunity for threat actors to pose as legitimate users and misuse the products to defraud consumers.
The CloudSEK team identified several such incidents, especially targeting banking customers, and released advisories to inform the affected SaaS companies and the public.
Scammers were able to evade detection by cleverly exploiting the following user-friendly services provided by each of these platforms.
"Cybercriminals always try to use free services for phishing campaigns to maximize their profits. Developer-focused platforms like Cloudflare Pages and Firebase Hosting provide certain features such as GitHub integration, which are easily abused to create phishing domains," the researchers noted.
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at firstname.lastname@example.org