Phishing campaigns often have typos, fake links that are far too obvious, and other red flags that most individuals can identify with relative ease, said Corey O’Connor, director of products at DoControl. O’Connor was concerned that by simply changing the subdomain, a bad actor can create a link that appears completely legitimate.
“Negligent insiders continue to fall for less convincing phishing attempts,” O’Connor said. “This vulnerability widens the attack vector in SaaS, and does so in a very convincing way. It’s another example where SaaS security and insider risk need to be prioritized and more effectively managed by CISOs and practitioners respectively.”