Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC Stormcast For Friday, August 24th 2018

Simple Phishing Through

Published: 2018-08-23
Last Updated: 2018-08-23 06:15:20 UTC
by Xavier Mertens (Version: 1)
1 comment(s)

For a long time, moving services to the cloud has been a major trend. Many organizations jumped into the cloud because it’s much easier and cost less money (in terms of maintenance, licence, electricity, etc). If so, why should bad guys not follow the same trend? Last year, I wrote a diary about a phishing campaign that used[1] to handle the HTTP POST data. Yesterday, I found a new one fully hosted by a cloud service. It was accessed through a shortened URL in a mail: is a service which offers powerful online forms. They have a free plan which allows 3 forms / 15 fields / 50 submissions per month. This can be more than enough for a phishing campaign, especially if you create multiple accounts. Once registered, you can design your forms and manage them via a nice dashboard:

Not surprisingly, I found more than one malicious forms:


Using such services is interesting from an attacker point of view because they don’t need to compromize other resources to host their phishing pages and cloud services are usually allowed through proxies/access-lists.


Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant

Keywords: Email Form Phishing
1 comment(s)
Diary Archives