The Gist
In 2024, nearly 9% of credential phishing campaigns exploited trusted cloud collaboration platforms like Dropbox, Adobe, and DocuSign to steal sensitive information. To bypass Secure Email Gateways (SEGs), attackers are increasingly embedding phishing links within files hosted on legitimate services that employees use and trust every day.
The most commonly abused platforms include Adobe, Docusign, Dropbox, Canva, and Zoho. Chosen for their ubiquity across organizations of all sizes, these services provide an ideal cover for credential threats.
The Latest
These cloud platforms are appealing to attackers for one reason: trust. Employees are far less likely to question a Dropbox or DocuSign link than a strange domain. With GenAI making phishing content more convincing and targeted, that trust is weaponized.
While abuse of platforms like DocuSign isn’t new, attackers increasingly shift towards tools with broader reach and weaker security. Here’s where they’re focusing—and why:
- Dropbox (25.5%): High user volume means phishing files often stay online longer, giving attackers more time to succeed.
- Adobe (17%): Malicious PDFs are commonly used and can often slip past SEGs undetected.
- SharePoint (17%): Fake accounts are used to impersonate colleagues or partners, making phishing messages seem internal.
- DocuSign (16%): Commonly used in both HR and QR Code phishing, thanks to readily available phishing templates on cybercrime marketplaces.
Trustmi’s Take
These phishing campaigns reveal a deeper truth: traditional security tools aren’t designed to catch legitimate-looking activity inside trusted platforms. Secure Email Gateways weren’t built to inspect links inside Dropbox folders or detect abnormalities in a legitimate-looking SharePoint document.
That’s the problem. Today’s attackers aren’t just spoofing emails—they’re embedding themselves into real systems and workflows, where everything looks routine. The invoice looks right. The vendor name checks out. The link comes from a familiar tool, but the intent is malicious, and often invisible to siloed security controls.
Preventing this kind of fraud requires more than smarter filters. It demands behavioral context across the entire system: vendors, employees, payments, and platforms. That’s where the next evolution of fraud defense begins.
Interested in how Trustmi can protect your organization’s finances? Book a demo with us today!
