Cloud storage re-up attacks.

Avanan, a Check Point Software Company, this morning released a report detailing an attack that threatens deletion of personal files for the purpose of credential harvesting.

How the cloud storage re-up attack occurs.

Researchers share that the attack begins with a phishing email. The email says that the user’s cloud storage is full, and provides a link to get 50 more gigabytes for free. Of course, the link does not go to a legitimate cloud file storage site, rather it is a malicious link to a credential harvesting site. This site tells users to “validate“ their account by inputting their credit card number, which will be charged by the threat actors and taken if entered.

Techniques used by the hackers, and best practices to prevent your credentials from being harvested.

The hackers relied on a sense of urgency and the threat of loss of the user’s personal files in hopes of lifting the credit card information of victims. This URL was also a SendGrid link, rather than a link to a legitimate cloud storage site, and the email address used to send the email was also not from a legitimate domain. Something that is also worthy of note is that for a legitimate cloud file storage service like Google Drive, there is a limitation to how much free storage one can receive. However, when that storage is full the data isn’t deleted, rather, you can choose to upgrade for more space. Avanan researchers advise double checking URLs before clicking on any links in emails, as well as checking the sender’s email address to see if it matches.