Cyber-security researchers have discovered several freemium software-as-a-service (SaaS) platforms that scammers abuse to conduct phishing campaigns against popular companies.
Most of these campaigns targeted Indian banking, financial services, and insurance (BFSI) customers.
Threat actors have resorted to using legitimate SaaS platforms to host phishing pages at a minimal/no cost. These short-lived and easy-to-host phishing pages are also difficult to trace back to the actors responsible, according to cyber-security firm CloudSEK.
SaaS products and services usually offer free or low-cost trials.
While this has allowed users across the world to try out services before subscribing or buying the products, it also provides an opportunity for threat actors to pose as legitimate users and misuse the products to defraud consumers.
The CloudSEK team identified several such incidents, especially targeting banking customers, and released advisories to inform the affected SaaS companies and the public.
Scammers were able to evade detection by cleverly exploiting the following user-friendly services provided by each of these platforms.
Cybercriminals try to use free services for phishing campaigns to maximize their profits. Developer-focused platforms like Cloudflare Pages and Firebase Hosting provide certain features such as GitHub integration, which are easily abused to create phishing domains.