Human hacking and multichannel phishing are on the rise

Human hacking is a modern way of thinking about phishing in its entirety, meaning anything malicious that reaches a user to steal credentials, data, or financial information. By focusing on phishing as an email or spam problem, hackers gain the upper hand. Today, protecting only email and leaving other digital communication channels unprotected against phishing allows hackers to target your high-value users with increased success. The shift to remote work requires a refocus on multi-channel phishing protection. Hackers take advantage of digital channels that help remote worker productivity such as SMS / Text, Slack, LinkedIn, Zoom, Microsoft Teams, Google Meet, and WhatsApp. These channels are less protected and provide an easy way to trick users, steal credentials, and ultimately exfiltrate an organization’s data.

These platforms have seen a peak in use since the increase in remote working. SlashNext Threat Labs sees new sites masquerading as these common platforms and reports a 270% increase in social engineering and an overall 51% increase in phishing so far in 2021.

According to Gartner, more than 95% of breaches start with the theft of credentials. With 71% of companies using cloud or hybrid cloud collaboration tools, this is fertile ground for credential theft. If users re-use the same password across multiple work accounts like Zoom, Microsoft 365, and LinkedIn, it’s easy to get credentials for one account and then use it to access other sharing platforms. the same credentials.

Attacks using zoom
In this example, a site impersonates Zoom and asks users to enter their email address and password or connect with other sources such as Google, Facebook, or single sign-on services issued. by the company.

Zoom phishing attack

URL: (hxxp: // zoomuserin (.) 000webhostapp (.) com /)

SlashNext Threat Labs reports a growing trend of malicious URLs that look the same as a meeting invite. This attack is used to harvest Microsoft 365 or Google Workspace credentials. In the example below, a malicious URL that looks a lot like a Zoom URL for a scheduled meeting directs the user to a landing page asking them to enter their Microsoft 365 credentials.

Zoom Phishing

URL: (hxxps: // zoomorg6839 (.) z13 (.) web (.) core (.) windows (.) net /)

Attacks using LinkedIn
With the recent LinkedIn breach, a billion profiles were compromised. Attackers used this information to automate targeted attacks to trick users into sharing more sensitive information, as shown in a recent spear-phishing attack with fake Linkedin login pages. This spear-phishing attack is the most dangerous because it is hosted on a legitimate cloud infrastructure, in this case Weebly, and will bypass most phishing detection tools.

LinkedIn phishing attack

As users adapt to remote work, the threat landscape is changing and anti-phishing services must protect users from phishing everywhere. The only way to know if you have a phishing problem outside of email is to assess the phishing attack surface. Here are some questions to get started:

  • Where are your employees protected against phishing?
  • What phishing attacks are you missing on mobile, browsers, collaboration apps, games or search?
  • Are your users protected from real-time zero hour threats?
  • Are they protected when accessing URLs on their browser or mobile device?
  • Do they have in-app or extension protection against no-hour phishing threats?

Answering no to any of these questions may indicate a risk to users and the organization. For a more in-depth look at multichannel phishing and human hacking across apps and browsers like Linkedin, Twitter, SMS, etc., join the Phish Stories 9: Hacking Humans webinar on Linkedin, Twitter and SMS on October 27e at 10:00 a.m. Pacific Time.

Read the whole Human hacking report at

The Human Hacking and Multi-Channel Phishing is Surging post first appeared on SlashNext.

*** This is a syndicated Security Bloggers Network blog from SlashNext written by Lisa O’Reilly. Read the original post at:

Comments are closed.