---
title: "When it Comes to Phishing You Can no Longer Trust Trusted Services | Phish Protection"
description: "When it Comes to Phishing You Can no Longer Trust Trusted Services: At this point, it"
image: "https://phishprotection.com/og/blog/when-it-comes-to-phishing-you-can-no-longer-trust-trusted-services.png"
canonical: "https://phishprotection.com/blog/when-it-comes-to-phishing-you-can-no-longer-trust-trusted-services/"
---

Quick Answer

At this point, \_it's probably impossible to find a company that doesn't rely on some cloud-based trusted services\_. Trusted services are services offered by companies so well recognized and respected, that we never give it another thought whether to trust them or not. Companies like Google, Microsoft and Dropbox. \_We all use them and we all trust them. And that's exactly what hackers are counting on\_.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhen-it-comes-to-phishing-you-can-no-longer-trust-trusted-services%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=When%20it%20Comes%20to%20Phishing%20You%20Can%20no%20Longer%20Trust%20Trusted%20Services&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhen-it-comes-to-phishing-you-can-no-longer-trust-trusted-services%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhen-it-comes-to-phishing-you-can-no-longer-trust-trusted-services%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhen-it-comes-to-phishing-you-can-no-longer-trust-trusted-services%2F&title=When%20it%20Comes%20to%20Phishing%20You%20Can%20no%20Longer%20Trust%20Trusted%20Services "Share on Reddit") [ ](mailto:?subject=When%20it%20Comes%20to%20Phishing%20You%20Can%20no%20Longer%20Trust%20Trusted%20Services&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhen-it-comes-to-phishing-you-can-no-longer-trust-trusted-services%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-4578.jpg) 

At this point, _it’s probably impossible to find a company that doesn’t rely on some cloud-based trusted services_. Trusted services are services offered by companies so well recognized and respected, that we never give it another thought whether to trust them or not. Companies like Google, Microsoft and Dropbox. _We all use them and we all trust them. And that’s exactly what hackers are counting on_.

_One of the fastest growing **email security threats** today are phishing attacks that takes advantage of these trusted services_. Why do hackers use these trusted services? Because users trust them, which makes it easier to slip phishing emails past **email security defense**.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-4578.jpg) 

Case in point, from an [article](https://www.bankinfosecurity.com/phishing-attacks-dodge-email-security-a-14681) on BankInfoSecurity, “_A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point’s security protocols_. The attack profile centers on using legitimate file-sharing websites and invoice-themed **phishing attacks** to steal credentials and spread malware.”

When it comes to launching a phishing attack, hackers use these trusted services to do double duty. First, they use them to launch the **phishing email**. After all, everyone trusts an email from an Office 365 domain. Second, they use the trusted service to host the phishing page itself - the one that hosts the malicious sign-up page. _These phishing pages benefit from the trusted service as they appear to be trustworthy, based on where they reside_.

_What do these phishing attacks look like?_ According to a report, “hackers are using **spear-phishing attacks** that request the recipient to access a shared document from such cloud-based services such as Dropbox, ShareFile, WeTransfer, Google Docs, Egnyte and SharePoint. The social engineering aspect of the attack is that the sender’s email address relates in some way to the business being attacked to help lower the recipient’s suspicion.”

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-tips-2279.jpg) 

“The spear-phishing attack sends a link requesting users to access a purchase order form with a .pdf extension. _Upon clicking, the attack automatically redirects the user to their default web browser, requesting to click the ‘Download’ button_,” according to the report. “The target is then asked to open the downloaded file, which then redirects the victim to a fake Microsoft login page.”

_This is the anatomy of a trusted services-based phishing attack_. They are hard to detect without some help. So, what’s the secret to detecting these otherwise trustworthy looking phishing emails? [Phish Protection](/), of course.

![Spear Phishing Statistics And Prevention](https://media.mailhop.org/phishprotection/images/2020/07/Spear-Phishing-Statistics-And-Prevention.jpg) 

_Phish Protection has a very important trait when it comes to stopping phishing attacks_. It doesn’t trust ANY emails. It assumes they’re all malicious and acts accordingly by conducting **real-time link scanning** for every email headed to your inbox. And what does Phish Protection do when it identifies a malicious email? _It keeps it out of your inbox. And it’s hard to get phished from an email you never receive_.

Just like the trusted services, _Phish Protection is cloud based_. That means there’s no hardware or software to buy and there’s never any maintenance cost. It also means it **sets up in 10 minutes**, working with all major email providers and with all of your devices. But that isn’t the best part of Phish Protection. _The best part is that it cost only pennies per user per month_.

Let’s face it, you’re going to use trusted services in your business. Why not trust one more to protect you from all the others. Try Phish Protection for **free for 60 days**. _No credit card required_.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"When it Comes to Phishing You Can no Longer Trust Trusted Services","description":"When it Comes to Phishing You Can no Longer Trust Trusted Services: At this point, it's probably impossible to find a company that doesn't rely on some.","url":"https://phishprotection.com/blog/when-it-comes-to-phishing-you-can-no-longer-trust-trusted-services/","datePublished":"2020-07-29T15:15:48.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-07-29T15:15:48.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/when-it-comes-to-phishing-you-can-no-longer-trust-trusted-services/"},"articleSection":"foundational","keywords":"Phishing","wordCount":594,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-4578.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"When it Comes to Phishing You Can no Longer Trust Trusted Services","item":"https://phishprotection.com/blog/when-it-comes-to-phishing-you-can-no-longer-trust-trusted-services/"}]}
```