Spoofing SaaS Vanity URLs for Social Engineering Attacks

SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link type that we were able to spoof.

What Is Website Spoofing?

Phishing through Slack for initial access

Social engineering (security) - Wikipedia

Beware of Spoofed Vanity URLs

Phishing through Slack for initial access

Spoofing SaaS Vanity URLs for Social Engineering Attacks

Detect and Prevent Email Spoofing - Cisco

Phishing through Slack for initial access

Swedish Windows Security User Group » Office 365 ATP

Beware of Spoofed Vanity URLs

Adaptive Shield Updates & News Center

What is Social Engineering?

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs - Help Net Security