Attackers are now impersonating popular web services like Microsoft Outlook, DocuSign, and Google Docs to trick you to freely give up your credentials. Credit: Thinkstock We recently discussed how cybercriminals target mid to low level employees in multi-stage spear phishing campaigns where attackers will impersonate your colleague, partner, or customer via email. The intention is often to steal your credentials in order to successfully commit fraud against you. Now, we are seeing an extremely large volume of web service impersonation email threats, where attackers cunningly impersonate popular web services such as Microsoft Outlook, Docusign and Google Docs to entice victims into logging into fake websites and ultimately give up their credentials.Evolving sly cyber fraud tacticsThis rise in web service impersonation attacks involves placing a link to a web page that prompts employees to log in; however, they are actually sacrificing their credentials to criminals instead of logging in.From there, when the unsuspecting victim clicks on the link and is directed to a false sign in page, they will provide attackers with their usernames and password without knowing they had done anything out of the ordinary. After stealing the credentials, the attackers will typically use them to remotely log into the user’s Office 365 or other email accounts and use this as a launching point for other spear phishing attacks. At this point, it becomes even more difficult to detect attackers at work because they will send additional emails to other employees or external partners, trying to entice those recipients to click on a link or transfer money to a fraudulent account.Traditional email security fails to detect this attackUnfortunately, these web services impersonation email attacks are not detected by existing email security solutions for several reasons: The links used are typically zero-day where a unique link is sent to each recipient. They never appear on any security blacklists.In many cases, the links included in messages lead to a legitimate website, where the attacker has maliciously inserted a sign in page, and the domain and IP reputation will appear legitimate.Link protection technologies such as “safe links” will not protect against these links. Since the link just contains a sign in page and do not download any malicious viruses, the user will follow the “safe link” and will still enter the user name and password.Therefore, even with traditional email security technologies enabled, there is nothing preventing the user from providing their credentials to the cunning attacker. The best hope for security to protect users from this type of email borne impersonation attack is by enabling artificial intelligence technologies and training to raise awareness of these types of attacks.Artificial intelligence security can save the dayAI can be taught to automatically detect and quarantine these emails. In this case, an AI security solution can recognize how a normal email from a popular web service looks based on the signals in the email metadata and body. Here is an example: You would expect emails from Facebook to come from messages@facebook.com and include a link to facebook.com. It is very unlikely to receive an email from john@facebook.mydomain.com with a link to sdfsdf.co.uk. Even if the sdfsdf.co.uk link has a high reputation and does not appear on any blacklists within the context of an email from Facebook, it is extremely unlikely to be legitimate. An AI engine can spot this discrepancy despite the link being reputable and prevent the email from reaching any end users. This is vital as it is guaranteed that someone in your organization will eventually fall for this bait.Security training is required for allHistorically, security and awareness training were reserved for executives and high-risk individuals with an organization – but now, cybercriminals know this. We have now seen an immense rise in targeting low and mid-level employees that are not trained to sniff out spam and possible email threats. With 90 percent of attacks starting with an email borne threat, it is imperative that every single employee from the CEO on down is trained and tested regularly on their ability to spot suspicious behavior.Organizations must plan for email threats such as these and many others, train all of their employees, test them on the latest email threats, and work to ensure everyone is a security advocate. Traditional email security will not catch these threats, and not every employee will delete the email, so incorporating a holistic risk prevention strategy with the latest email security technologies such as artificial intelligence and regular security training will best prepare you for the next threat tactic cybercriminals use to try to steal your information. Related content opinion Cybercriminals impersonate popular file sharing services to take over email accounts Email account takeover attacks are growing, and attackers are impersonating OneDrive and other popular web services to steal credentials from employees. By Asaf Cidon May 21, 2018 5 mins Phishing Technology Industry Hacking opinion Make sure you pick the right security tools for the cloud Organizations must evolve beyond on-premises security mentalities and address the emerging demands of the cloud. Not doing so will hinder migration, deteriorate security posture and cost money and time. By Hatem Naguib Nov 15, 2017 4 mins Cloud Security Security opinion Multi-stage spear phishing – bait, hook and catch Multiple step spear phishing is the latest iteration in social engineering from sophisticated cyber criminals. By Asaf Cidon Oct 04, 2017 5 mins Phishing Technology Industry Fraud Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe