"Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks"

Threat actors are using Digital Document Publishing (DDP) sites hosted on platforms such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet to perform phishing, credential harvesting, and session token theft, bringing further attention to how threat actors repurpose legitimate services. According to Cisco Talos researcher Craig Jackson, hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack because these sites often have a positive reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security. Although adversaries have previously used popular cloud-based services such as Google Drive, OneDrive, Dropbox, SharePoint, DocuSign, and Oneflow to host phishing documents, the new development suggests an escalation aimed at evading email security controls. This article continues to discuss findings and observations regarding hackers' use of DDP sites for phishing attacks.

THN reports "Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks"

Submitted by grigby1

Submitted by Gregory Rigby on