
File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

Released today, our H2 2024 Email Threat Report spotlights sophisticated phishing attacks that exploit file-sharing platforms. Learn more.
August 14, 2024

Phishing has long remained a favorite strategy among cybercriminals, and as security awareness has evolved, so have their tactics. According to our H2 2024 Email Threat Report, which was released today, phishing makes up nearly 72% of all advanced attacks, with one method outpacing all others.

File-sharing phishing—a type of attack in which threat actors send emails that appear to be from trusted file-sharing platforms—has increased 350% year over year. This growing threat leverages popular file-sharing services and believable pretexts to trick recipients into entering their credentials into fraudulent login pages or downloading malware disguised as an important file.

Like all types of phishing, file-sharing attacks work by exploiting recipients’ trust. But, unlike more traditional forms of email phishing, this strategy is much more difficult to detect.

Our latest report delves into important trends and emerging strategies across the threat landscape, including increasingly sophisticated phishing attacks. Here are a few key highlights of the file-sharing phishing trend.

File-Sharing Phishing Is Disturbingly Unsuspicious

For many years, security-aware employees and legacy security tools used common telltale signs to detect phishing attempts, including poor grammar, spelling mistakes, or obvious indicators of compromise—such as the inclusion of malicious URLs or attachments. However, file-sharing phishing eliminates many of these signals, subverting security protocols and end-user expectations.

While these attacks still leverage typical social engineering tactics, like impersonating a trusted entity, they are virtually undetectable because they mimic unremarkable, run-of-the-mill business correspondence.

Sharing files and documents via email is a common practice for organizations in every industry. While the themes of some phishing attacks are likely to give most employees pause (such as unsolicited, too-good-to-be-true job offers or an email from the HR director requesting $500 in gift cards), the pretext of file-sharing phishing attacks is perfectly ordinary and, therefore, inherently believable.

File-sharing phishing attempts also often include subject lines and file names that are enticing enough to open but not so outlandish that they’d set off alarm bells. For example, a subject line might reference updates to the company’s compensation package, PTO policy, or bonus structure, or another scenario likely to pique interest without raising suspicion.

Additionally, because cybercriminals are adopting generative AI tools to craft phishing emails, their messages lack the awkward syntax or spelling and grammatical errors that might otherwise tip off targets and traditional security tools. These tools, combined with the growth of phishing-as-a-service kits, mean even threat actors with rudimentary technical skills can execute sophisticated phishing schemes with professional language, high-quality graphics, eerily realistic login pages for collecting credentials, and more.

Threat Actors Exploit Real Services

File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences. But considering that these attacks increased by 350% between June 2023 and June 2024, it’s clear that blocking these threats is rapidly becoming more critical than ever.

[Figure: File-sharing phishing attack volume, H2 2024 Threat Report]

Part of what makes file-sharing phishing effective is that many attacks go beyond simply impersonating legitimate file-hosting solutions—they exploit real services like Dropbox, Sharefile, or Google Drive. According to data in our latest report, 60% of file-sharing phishing attacks are sent using legitimate domains that were registered more than five years ago.

By creating genuine accounts, cybercriminals can send legitimate emails with legitimate embedded links and only expose targets to malicious content after they’ve engaged with a shared file. Also, because many of these platforms offer free service tiers or trials, file-sharing phishing is relatively inexpensive.

The recent accelerated adoption of file-sharing platforms and e-signature solutions also benefits threat actors. With increases in remote and hybrid working over the past few years, employees have become more accustomed to engaging with sensitive materials through file-hosting platforms. Because employees often receive notifications to open or edit files from their peers, they’re unlikely to think twice about clicking a link and entering login information to review a document.

But even when cybercriminals choose not to use real platforms, it’s relatively easy to mask malicious links and trick traditional security solutions. For example, some attackers use URL shorteners or redirect capabilities, which direct targets to a legitimate website before sending them to a malicious site. Because traditional security solutions only analyze the top-level domain and not the entire URL or its final destination, these tactics decrease the chances of the link being flagged by legacy tools as malicious.
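An added example (not from the original post or the report) of the gap described above: it compares a verdict based only on the host shown in the email link with one based on the link's resolved final destination. The redirect table, host names, and trusted-host list are constructed assumptions so the check runs offline.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table (URL -> Location header value). It stands in for
# the HTTP 3xx responses a scanner would see, so the example runs offline.
REDIRECTS = {
    "https://files.example.com/r/8841": "https://short.example/x9",
    "https://short.example/x9": "/go?id=7",
    "https://short.example/go?id=7": "https://login-portal.example.net/signin",
    "https://loop.example/a": "https://loop.example/b",
    "https://loop.example/b": "https://loop.example/a",
}
# Assumption: hosts this organization treats as known file-sharing services.
TRUSTED_HOSTS = {"files.example.com"}
MAX_HOPS = 5


def host(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def resolve_chain(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Follow redirects hop by hop. Returns (chain, resolved)."""
    chain = [url]
    while chain[-1] in redirects:
        # urljoin handles relative Location values such as "/go?id=7".
        nxt = urljoin(chain[-1], redirects[chain[-1]])
        if nxt in chain or len(chain) > max_hops:
            return chain, False  # loop or overly long chain: destination unknown
        chain.append(nxt)
    return chain, True


def first_hop_verdict(url):
    """Domain-only check: judges the link by the host shown in the email."""
    return "allow" if host(url) in TRUSTED_HOSTS else "review"


def full_chain_verdict(url):
    """Judges the link by where it finally lands, not where it starts."""
    chain, resolved = resolve_chain(url)
    if not resolved:
        return "block"  # cannot determine the final destination
    return "allow" if host(chain[-1]) in TRUSTED_HOSTS else "review"
```

An "allow" from the full-chain check only means the chain ends on a known service; content hosted on a genuine platform, as described earlier in this section, still needs its own analysis.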

Most-Targeted Industries Have Similar Characteristics

Although threat actors target every industry, the finance sector experiences the highest proportion of file-sharing phishing attacks, followed closely by construction/engineering and real estate/property management. This is likely due to a few shared characteristics.

[Figure: File-sharing phishing attacks, industry breakdown, H2 2024 Threat Report]

First, because these industries rely heavily on file-hosting and e-signature solutions to exchange documents with their clients and partners, recipients are less likely to detect phony notifications among the flood of legitimate file-sharing notifications. Additionally, organizations in these fields often operate in fast-moving environments where people are used to making decisions quickly. Threat actors often exploit recipients’ sense of urgency, since time-critical tasks aren’t unusual.

Lastly, these three industries are among the most regulated. Regulatory and compliance standards require employees to adhere to specific processes that often aren’t informed by emerging cybersecurity threats, and the rigidity of those processes can create unexpected vulnerabilities.

Defending Against File-Sharing Phishing Attacks

Phishing is becoming more sophisticated, and file-sharing phishing is just one way threat actors are evolving their techniques to exploit trends in email use. Legacy security tools are no longer enough to defend against the latest generation of attacks, especially since new technologies like generative AI can make malicious communications practically indistinguishable from safe emails.

The best way to stave off attacks is to adopt an email security solution that can detect even hyper-personalized and never-before-seen threats, and remediate malicious emails before end-users even have a chance to engage.

For more insight into file-sharing phishing attacks and the current email threat landscape, download our H2 2024 Email Threat Report.
