Warning: phishing campaign targeting pCloud hosting service… and it’s quite sophisticated


Attacks against users of free cloud services are common, especially popular ones such as pCloud. But unlike the emails we usually receive, which have a few simple clues that reveal their malicious origin, this time the hackers carried out a rather well-thought-out campaign that almost caught us out.

They make you believe that someone has logged into your pCloud account

The trick is simple and relies on a practice established by major software players such as Google, PayPal, HubSpot, etc. When you log into one of these services, you sometimes receive an email notification alerting you to a login attempt, including the geographical location or even the IP address of the person attempting to log in. For example, on Google services, the notification email includes the famous message:

We’ve detected a new login to your Google account. If it was you, no action is required. If not, we’ll help you secure your account.

To attack users of pCloud, hackers used this approach, copying the notification email word for word to impersonate the company and make the recipient believe that a fraudulent login attempt had taken place:

Comparison of the two pCloud notification emails

As you can see, there are very few differences between the original email and the forged one… but the devil is in the details.

How did we identify that this was phishing?

We first received the email on our mobile phone, but we had doubts about its origin. So we decided to open it again on a computer, and it was very easy to identify the phishing attempt:

  • The sender’s display name was “pCloud Team,” but the actual email address behind it was completely different (this is a common technique used by hackers).
  • The links behind the buttons in the email redirected to a suspicious URL.
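The two checks above can be automated on a saved copy of a message. The following Python sketch is an added example, not part of the original article: the trusted domain `pcloud.com`, the function name `check_message`, and the sample message (constructed, with made-up sender address and link host) are all assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand really sends from and links to.
TRUSTED = {"pCloud": {"pcloud.com"}}

# Constructed sample; the sender address and the first link host are made up.
SAMPLE = """\
From: pCloud Team <alerts@mail-notice.example>
Subject: New login to your account
Content-Type: text/html; charset=utf-8

<p>Verify Email Source! Authentic pCloud communications only come from
these senders: pCloud Team</p>
<a href="https://login-check.example/secure">Review activity</a>
<a href="https://www.pcloud.com/">pCloud</a>
"""

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # hostnames of every http(s) link in the body
    def handle_starttag(self, tag, attrs):
        url = urlsplit(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.append((url.hostname or "").lower())

def _in_domain(host, domains):
    # Exact match or true subdomain; "pcloud.com.attacker.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw, trusted=TRUSTED):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    links = _Links()
    links.feed(body.get_content() if body else "")
    findings = []
    for brand, domains in trusted.items():
        if brand.lower() not in name.lower():
            continue  # display name does not claim this brand
        if not _in_domain(sender_host, domains):
            findings.append(("sender_mismatch", sender_host))
        findings += [("off_domain_link", h) for h in links.hosts
                     if not _in_domain(h, domains)]
    return findings
```

The check only fires when the display name claims the brand, which is exactly the situation where a mobile mail client hides the real address from the reader.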

It is worth noting the creative approach taken by the hackers, who wrote: “Verify Email Source! Authentic pCloud communications only come from these senders: pCloud Team.” This message is intended to make the email appear even more authentic.

That’s not all: the sender field does display this name, but this is actually a way of lowering the user’s guard. A reassured user will not go so far as to verify the email address used, as shown below, where we see the address used by the hackers, which has nothing to do with the pCloud company:

Why did hackers target pCloud users?

It is important to note that pCloud is a company specializing in secure cloud storage and online file sharing. Founded in 2013 and based in Switzerland, it offers an encrypted storage solution accessible on various platforms (Windows, macOS, Linux, iOS, and Android). pCloud stands out for its advanced encryption options, including pCloud Crypto, which allows users to secure their files with client-side encryption. The company offers flexible subscriptions, including lifetime plans, and emphasizes data privacy, benefiting from Switzerland’s strict data protection laws.

This type of service is an ideal target for hackers, as they can target a large number of users, including both novice users and those with experience in IT security issues.

How did hackers manage to target real pCloud users?

This is the real question: we were victims of this phishing campaign, and we are also registered with the pCloud service. Was this a coincidence? Or was it a data leak that allowed hackers to target their attack?

At this time, we have no information on this subject, but we urge our readers to be vigilant and never click on a link without first checking the sender’s email address and analyzing the link in the email.



