"Vanity URLs Could be Spoofed for Social Engineering Attacks"

Security researchers at Varonis are warning that the vanity links companies create to put their own brand on well-known cloud services can serve as a phishing vector that makes lures more convincing. Cloud services that do not validate the subdomain of a vanity link let an attacker craft links that appear to come from a specific brand, for example "varonis.box.com" or "apple.zoom.us". In the case of Box.com, such a link can point to a malicious document; in the case of Zoom, it can lead to a webinar that harvests information and has nothing to do with the brand named in the URL. The researchers noted that the problem arises when a cloud service accepts a vanity subdomain but neither validates it nor uses it when providing the service. Varonis notified Box.com and Zoom of the issue more than six months ago, along with Google, whose links to Google Docs could be spoofed in the same way. The problems have now mostly been fixed, but the same flaw likely exists in other services. One researcher stated that they think it is more than just those three SaaS services, adding that attackers can also use the predictability of the subdomains to select potential victims: because vanity URLs follow a predictable pattern, it is very easy for threat actors to scan the subdomains of all the big Fortune companies across different cloud providers.
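The flaw the researchers describe is a server-side one: the service routes a request on a vanity host without checking that the requested resource actually belongs to the tenant who owns that vanity label. The following added example (written for this page; it is not Varonis's code and does not reflect how Box, Zoom or Google implement their links) models that with a stand-in domain, "example-saas.test", and constructed tenant data. The weak resolver serves any tenant's resource under any brand; the hardened resolver serves under a vanity label only when the label's owner also owns the resource, and otherwise sends the client to the unbranded host. Redirecting rather than refusing outright is an assumption made here for illustration, not a description of any vendor's fix.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Stand-in SaaS domain (assumption; plays the role of box.com or zoom.us).
SAAS_DOMAIN = "example-saas.test"

# Constructed tenant data, not real accounts: which tenant owns which vanity
# label, and which tenant owns which shared resource.
VANITY_OWNER = {"varonis": "tenant-varonis"}
RESOURCE_OWNER = {
    "f/abc123": "tenant-varonis",    # a genuine file shared by the branded tenant
    "f/evil999": "tenant-freeacct",  # a file uploaded from an attacker's free account
}


@dataclass(frozen=True)
class Resolution:
    action: str               # "serve", "redirect" or "reject"
    resource: Optional[str]   # resource path being served, if any
    location: Optional[str]   # redirect target when action == "redirect"


def parse_vanity_link(url: str) -> Tuple[Optional[str], str]:
    """Split a link into (vanity label or None, resource path).

    Accepts https://<label>.SAAS_DOMAIN/<path> and https://SAAS_DOMAIN/<path>.
    Other schemes, other domains and multi-level labels raise ValueError, so a
    look-alike such as varonis.example-saas.test.evil.test is not mistaken for
    a vanity host.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("only https links are accepted")
    path = parts.path.lstrip("/")
    if host == SAAS_DOMAIN:
        return None, path
    suffix = "." + SAAS_DOMAIN
    if not host.endswith(suffix):
        raise ValueError("not a link on our domain: %s" % host)
    label = host[: -len(suffix)]
    if not label or "." in label:
        raise ValueError("vanity label must be a single DNS label")
    return label, path


def resolve_weak(url: str) -> Resolution:
    """The flawed pattern: the vanity label is accepted but never checked."""
    label, path = parse_vanity_link(url)
    if path not in RESOURCE_OWNER:
        return Resolution("reject", None, None)
    # Bug: `label` is ignored, so any tenant's resource is served under any brand.
    return Resolution("serve", path, None)


def resolve_hardened(url: str) -> Resolution:
    """Serve under a vanity label only if that label's owner owns the resource."""
    label, path = parse_vanity_link(url)
    owner = RESOURCE_OWNER.get(path)
    if owner is None:
        return Resolution("reject", None, None)
    if label is None:
        return Resolution("serve", path, None)  # canonical, unbranded host
    if VANITY_OWNER.get(label) != owner:
        # Brand mismatch (unknown label, or a label owned by a different tenant):
        # strip the borrowed branding instead of serving the content under it.
        return Resolution("redirect", path, "https://%s/%s" % (SAAS_DOMAIN, path))
    return Resolution("serve", path, None)


if __name__ == "__main__":
    genuine = "https://varonis.example-saas.test/f/abc123"
    spoofed = "https://varonis.example-saas.test/f/evil999"
    for link in (genuine, spoofed):
        print(link, "weak:", resolve_weak(link).action,
              "hardened:", resolve_hardened(link).action)
```

Running the block shows the genuine link served by both resolvers, while the attacker's file under the "varonis" label is served by the weak resolver and redirected to the unbranded host by the hardened one. The check is deliberately keyed on ownership of the resource rather than on the existence of the label alone: a label that exists but belongs to another tenant is exactly the case the attack exploits.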


Dark Reading Reports: "Vanity URLs Could be Spoofed for Social Engineering Attacks"