Collaboration tools are all the rage and hackers know it. When many of these tools were first built, security wasn’t on anyone’s mind. Amidst the pandemic, collaboration tools became distributed workforce staples, and some CISOs or IT teams are still scrambling to secure them and to prevent related security threats.
Phishing and Google Workspace
Free productivity tools, from Gmail to Google Docs, are now commonly leveraged within phishing campaigns, enabling hackers to pilfer users’ credentials or to install malware on devices. At least five different Google-focused phishing campaigns have been identified.
In one campaign, Google Forms are used to steal users’ credentials. Example of Google Form used to create a fake American Express account recovery form:
Image courtesy of BleepingComputer.com.
Another example of phishing emails and collaboration tools
A hacker may send out a phishing email that looks like it’s from a productivity software provider. In reality, the phishing email may contain malware. Users may accidentally agree to install the malware on their devices, believing it to be a productivity software upgrade. This type of threat places an entire organization at risk.
Phishing and managing the modern inbox
For your employees, poor email management can lead to missed opportunities. If a client sends a note and an employee misses it, hundreds, thousands or hundreds of thousands of dollars in revenue could evaporate.
So some employees do check every single email and take every email seriously. How can organizations manage phishing threats among meticulous inbox minders?
- Some internal instant messaging tools are actually more secure than email. Consider advocating for your employees to use instant messaging tools for sensitive internal communiques.
- Deploy inbound email sandboxing. This type of tool checks all inbound URLs for malicious code.
- Read up on endpoint security. Check out Cyber Talk’s endpoint buyer’s guide.
Productivity, phishing and projects
A recent study indicates that the best predictors of productivity include a team’s energy and “engagement outside formal meetings”. Feelings of overall engagement with work may help people avoid phishing scams. Distraction increases the probability of falling prey to phishing.
What else should you know about phishing and productivity tools?
There’s a lot to remain aware of. Scams are evolving everyday. For more on current phishing campaigns associated with productivity tools, visit ZDNet. For additional Cyber Talk resources on preventing email phishing, click here. Or, check out this 8-part video series on secure remote access.