The latest: "A cyber espionage campaign is targeting national security think tanks and academic institutions in the US in what's believed to be an intelligence gathering operation" ... the mechanism used is email: "...spear-phishing attacks using fake emails with malicious attachments attempts to deliver [...] malware".
Why email? Despite recent advances in collaboration platforms, a majority of enterprise users still depend on email for communication and sharing. And there are all kinds of opportunities for trickery in email...
The above phishing attack is designed to look like it comes from Microsoft OneDrive.
Examining the URLs and domains reveals it to be questionable - but some number of users who receive it will definitely click on it. And that's why OneDrive, Dropbox and other cloud file storage and sharing systems are so frequently blocked by large or regulated companies.
For starters, the e-Share service is always fully re-branded including your logo, colors and subdomain. Recipients will recognize these details and know it's ok to share and collaborate.
The link to the shared content will also use the same sub-domain.
Of course you can also use our fine-grained controls to further control the experience. Meanwhile your security team will continue to block unknown domains, including the cloud file storage services, to keep users and their data safe.
Once you adopt this approach, you can train your internal users to ignore anything that isn't from the official domain of important partners & vendors.
In addition to deploying Trusted Sharing, we recommend the following best practices for secure collaboration... via email or any other platform!