AWS exploited in new phishing campaign

Threat actors have launched a new phishing campaign leveraging Amazon Web Services in an effort to avert security scans, according to TechRepublic. AWS is being exploited by attackers to create and host phishing pages warning targets regarding a supposed password expiration, an Avanan study revealed. Attackers then send phishing emails impersonating Microsoft with a button for password retention, which instead redirects to a phishing page that would enable password harvesting. Researchers noted that the scheme's success relies on attackers' use of AWS, which is always on the Allow list of traditional email security tools and thus enables entry of phishing messages in users' inboxes. AWS has already been informed regarding the new campaign, said Avanan, which added that such phishing attacks should prompt organizations to enable advanced artificial intelligence and email security systems to better weed out malicious emails. Individuals have also been urged to examine email contents prior to acting upon messages, scan email hyperlinks, and reach out to their organizations' IT support or help desk staff when doubtful about email legitimacy.