: The No. 1 way cybercriminals attack office equipment with malware — and why employees fall for it

This post was originally published on this site

Infecting a worker’s computer cloud system not only gives scammers access to confidential company information, it can also provide them with an opportunity to impersonate the worker using their professional email account.

The phishing may start with an email designed to resemble a legitimate company, and contain a fake invoice or merely ask the recipient to review a document that looks like an HTML file, but is actually a downloadable PDF.

A new report by Netskope, a software company providing computer security, looked at ways cybercriminals were gaining access to people’s work computer systems. The most popular way? Through the cloud.

Google Drive
GOOG,
+1.17%

was the top app for malware downloads in 2021, taking over the No. 1 spot from Microsoft OneDrive
MSFT,
+1.55%
.
The percentage of malware downloads from cloud apps hovered at 66%, up from 46% in 2020. (Google and Microsoft did not respond immediately to requests for comment.)

“More than half of managed cloud app instances are targeted by credential attacks, while the sources of such attacks shift from a few heavy hitters to a more decentralized attack,” the authors of the report wrote.

‘Attackers create their own free accounts, upload malicious payloads, and share them publicly or with specific victims.’

They also said the “Great Resignation” has created new challenges for companies. “More than one out of every seven people are using personal Cloud Storage apps to take data with them when they leave,” the report added.

Clouds provide easy access for cybercriminals. “Attackers create their own free accounts, upload malicious payloads, and share them publicly or with specific victims,” according to Netskope.

Workers are also at risk if they are using their work equipment for personal use, particularly online shopping, but those scams typically involve scam artists getting their hands on a person’s credit-card details.

The Federal Trade Commission said there were 57,769 online shopping fraud reports from Jan. 1 to Oct. 18, followed by travel scams (46,458), diet scams (15,713), government imposters (12,491) and business imposters (8,794).

Bottom line: phone calls, emails and fake websites are all designed to catch you off-guard. You may, for instance, be stressed out or tired after a long day’s work and panic if you see a message purported to be about your holiday shopping.