File sharing has been one of the most useful technologies available to many people for personal and professional use. Only one or two companies offered file sharing and storage technology in the first years of its existence. Since then, it has expanded to numerous available options such as Google Drive, Microsoft One Drive, Box, We Transfer, and many more. These technologies allow people to access their files and collaborate in much more effective and efficient ways, especially when compared to emailing files to one another.

Unfortunately, file sharing has not been spared from phishing threats. Since people are more likely to trust and open files from friends, family, and colleagues, cybercriminals target these attacks using a hijacked account. Learning about these attacks are carried out and what they look like will help you identify a phishing threat coursed through file sharing sites when you see one.


How Phishing Attacks Work on Sharing Sites

The first step in launching a phishing attack via a file-sharing site is for the cybercriminal to get the credentials to an email account. They acquire this data through other phishing methods, such as sending suspicious emails that lead to fake login pages that look authentic (called spoofed domain pages).

Once they have gathered the right information, cybercriminals will infiltrate by sending a fake link to a shared document to hundreds of other people on the contacts list. The cycle continues as victims are led to more spoofed domain pages where they input their credentials for abuse.


Case Study: Phishing Scam on Google Docs

Several years back, the Google Docs file sharing system fell victim to a similar phishing scam with over one million email accounts affected. Email users received phishing emails stating that they had been added to one of their contact’s Google Docs. The link redirected the user to a login screen where cybercriminals could use their credentials to access their email and contacts.

This incident caught the cyber community’s attention because it showed that even big companies could be affected by dangerous phishing scams. The future of phishing is not through malware or fake websites but by tricking unassuming users into giving up their login credentials to third-party applications that aren’t safe.

Learning how to protect yourself from phishing attacks is more important than ever.


File-Sharing Phishing: Protecting Yourself

It’s important to know the gravity of some phishing scams so that you’ll know what you’re up against and just how to protect yourself from becoming a victim. Credentials are usually sold on the black market, with more reputable domains making the most money. However, even small-time cyber criminals will use your stolen credentials to try and access funds in your bank accounts through a wire transfer.

Because phishing is such a lucrative business, cybersecurity companies and anti-phishing professionals are sure to remain busy, fending off similar threats for many years to come. The best way you can protect yourself is to thoroughly research and educate your company or business on spotting such scams. Training and testing are most useful for employees despite the human error that will likely be involved in identifying a true email versus a fake one.


Phishing scams are scary as they can jeopardise all your important information that you’ve thought to be secure all this time. These threats are very real and very present to warrant your utmost attention. However, educating yourself and your staff is not enough. By investing in the right cybersecurity experts, you can guarantee your safety as they set up the necessary anti-phishing measures to counter such attacks. To be prepared is to be safe; don’t let yourself become a victim today.

Protection against phishing requires a leading online cybersecurity and brand protection company like FraudWatch International. We are leaders in online brand protection from phishing, malware, and social media or apps impersonation. Make an inquiry on our flagship anti-phishing services today!