Date: 2025-03-26

A growing number of phishing campaigns have been observed leveraging trusted online document platforms to evade secure email gateways (SEGs) and steal credentials.

Threat analysts at Cofense Intelligence have identified that platforms such as Adobe, DocuSign, Dropbox, Canva and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

In 2024, these online document services reportedly accounted for 8.8% of all credential phishing campaigns, with 79% of observed cases involving credential theft attempts.

How Threat Actors Exploit Document Platforms

In a new report published today, Cofense explained how these platforms are trusted within corporate and personal environments, making it easier for attackers to bypass security filters.

Some services automatically send notifications to users when a document is shared, further legitimizing the phishing attempt. SEGs often permit these emails because they originate from reputable domains, allowing malicious links to reach recipients.

Additionally, some services, such as DocuSign, have features that inadvertently benefit attackers, including link expiration mechanisms that hinder post-attack investigations.

Malicious documents on platforms like Adobe and Dropbox can also stay active for days before takedown requests are processed, giving attackers ample time to execute their campaigns.

Most Commonly Abused Platforms in 2024

The research highlights six platforms that were heavily misused: