chat
expand_more

File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

Released today, our H2 2024 Email Threat Report spotlights sophisticated phishing attacks that exploit file-sharing platforms. Learn more.
August 14, 2024

Phishing has long remained a favorite strategy among cybercriminals, and as security awareness has evolved, so have their tactics. According to our H2 2024 Email Threat Report, which was released today, phishing makes up nearly 72% of all advanced attacks, with one method outpacing all others.

File-sharing phishing—a type of attack in which threat actors send emails that appear to be from trusted file-sharing platforms—has increased 350% year over year. This growing threat leverages popular file-sharing services and believable pretexts to trick recipients into entering their credentials into fraudulent login pages or downloading malware disguised as an important file.

Like all types of phishing, file-sharing attacks work by exploiting recipients’ trust. But, unlike more traditional forms of email phishing, this strategy is much more difficult to detect.

Our latest report delves into important trends and emerging strategies across the threat landscape, including increasingly sophisticated phishing attacks. Here are a few key highlights of the file-sharing phishing trend.

File-Sharing Phishing Is Disturbingly Unsuspicious

For many years, security-aware employees and legacy security tools used common telltale signs to detect phishing attempts, including poor grammar, spelling mistakes, or obvious indicators of compromise—such as the inclusion of malicious URLs or attachments. However, file-sharing phishing eliminates many of these signals, subverting security protocols and end-user expectations.

While these attacks still leverage typical social engineering tactics, like impersonating a trusted entity, they are virtually undetectable because they mimic unremarkable, run-of-the-mill business correspondences.

Sharing files and documents via email is a common practice for organizations in every industry. While the themes of some phishing attacks are likely to give most employees pause (such as unsolicited, too-good-to-be-true job offers or an email from the HR director requesting $500 in gift cards), the pretext of file-sharing phishing attacks is perfectly ordinary and, therefore, inherently believable.

File-sharing phishing attempts also often include subject lines and file names that are enticing enough to open but not so outlandish that they’d set off alarm bells. For example, a subject line might reference updates to the company’s compensation package, PTO policy, or bonus structure, or another scenario likely to pique interest without raising suspicion.

Additionally, because cybercriminals are adopting generative AI tools to craft phishing emails, their messages lack the awkward syntax or spelling and grammatical errors that might otherwise tip off targets and traditional security tools. These tools, combined with the growth of phishing-as-a-service kits, mean even threat actors with rudimentary technical skills can execute sophisticated phishing schemes with professional language, high-quality graphics, eerily realistic login pages for collecting credentials, and more.

Threat Actors Exploit Real Services

File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences. But considering that these attacks increased by 350% between June 2023 and June 2024, it’s clear that blocking these threats is rapidly becoming more critical than ever.

H2 2024 Threat Report File Sharing Phishing Attack Volume

Part of what makes file-sharing phishing effective is that many attacks go beyond simply impersonating legitimate file-hosting solutions—they exploit real services like Dropbox, Sharefile, or Google Drive. According to data in our latest report, ​​60% of file-sharing phishing attacks are sent using legitimate domains that were registered more than five years ago.

By creating genuine accounts, cybercriminals can send legitimate emails with legitimate embedded links and only expose targets to malicious content after they’ve engaged with a shared file. Also, because many of these platforms offer free service tiers or trials, file-sharing phishing is relatively inexpensive.

The recent accelerated adoption of file-sharing platforms and e-signature solutions also benefits threat actors. With increases in remote and hybrid working over the past few years, employees have become more accustomed to engaging with sensitive materials through file-hosting platforms. Because employees often receive notifications to open or edit files from their peers, they’re unlikely to think twice about clicking a link and entering login information to review a document.

But even when cybercriminals choose not to use real platforms, it’s relatively easy to mask malicious links and trick traditional security solutions. For example, some attackers use URL shorteners or redirect capabilities, which direct targets to a legitimate website before sending them to a malicious site. Because traditional security solutions only analyze the top-level domain and not the entire URL or its final destination, these tactics decrease the chances of the link being flagged by legacy tools as malicious.

Most-Targeted Industries Have Similar Characteristics

Although threat actors target every industry, the finance sector experiences the highest proportion of file-sharing phishing attacks, followed closely by construction/engineering and real estate/property management. This is likely due to a few shared characteristics.

H2 2024 Threat Report File Sharing Phishing Attacks Industry Breakdown

First, because these industries rely heavily on file-hosting and e-signature solutions to exchange documents with their clients and partners, recipients are less likely to detect phony notifications among the flood of legitimate file-sharing notifications. Additionally, organizations in these fields often operate in fast-moving environments where people are used to making decisions quickly. Threat actors often exploit recipients’ sense of urgency, since time-critical tasks aren’t unusual.

Lastly, these three industries are among the most regulated. Given regulatory and compliance standards require employees to adhere to specific processes that often aren’t informed by emerging cybersecurity threats, their rigidity can create unexpected vulnerabilities.

Defending Against File-Sharing Phishing Attacks

Phishing is becoming more sophisticated, and file-sharing phishing is just one way threat actors are evolving their techniques to exploit trends in email use. Legacy security tools are no longer enough to defend against the latest generation of attacks — especially since new technologies like Generative AI can make malicious communications practically indistinguishable from safe emails.

The best way to stave off attacks is to adopt an email security solution that can detect even hyper-personalized and never-before-seen threats, and remediate malicious emails before end-users even have a chance to engage.

For more insight into file-sharing phishing attacks and the current email threat landscape, download our H2 2024 Email Threat Report.

Get the Report
File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More
B 2024 ISC2 Cybersecurity Workforce Study Recap
Explore key findings from the 2024 ISC2 Cybersecurity Workforce Study and find out how SOC teams can adapt and thrive amidst modern challenges.
Read More
B Reg AI
There are ways to protect the public from the potential dangers of AI without stifling innovation—and the Europeans have already shown us how.
Read More