New Delhi, March 6 : Cyber-security researchers on Monday said they have discovered several freemium software-as-a-service (SaaS) platforms that scammers abuse to conduct phishing campaigns against popular companies. Most of these campaigns targeted Indian banking, financial services, and insurance (BFSI) customers. Coinbase Cyberattack: Crypto Exchange Platform Faces Cybersecurity Attack, Employee Targeted; Customer Data and Funds Safe.

Threat actors have resorted to using legitimate SaaS platforms to host phishing pages at a minimal/no cost. These short-lived and easy-to-host phishing pages are also difficult to trace back to the actors responsible, according to cyber-security firm CloudSEK. Twitter No Longer Able To Protect Users From Trolls, Misinformation.

SaaS products and services usually offer free or low-cost trials. While this has allowed users across the world to try out services before subscribing or buying the products, it also provides an opportunity for threat actors to pose as legitimate users and misuse the products to defraud consumers.

The CloudSEK team identified several such incidents, especially targeting banking customers, and released advisories to inform the affected SaaS companies and the public. Scammers were able to evade detection by cleverly exploiting the following user-friendly services provided by each of these platforms.

"Cybercriminals always try to use free services for phishing campaigns to maximize their profits. Developer-focused platforms like Cloudflare Pages and Firebase Hosting provide certain features such as GitHub integration, which are easily abused to create phishing domains," the researchers noted.

(The above story first appeared on LatestLY on Mar 06, 2023 05:50 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).