Tactic or Technique: Free file host

Phishing attacks often use trusted file-sharing platforms like Google Drive, OneDrive, or Dropbox to deliver malicious content. Instead of attaching malware directly to an email, they send a link to a hosted file that contains a phishing page, ransomware, or another type of malicious payload.
Because these services are widely used and trusted, the links don’t always look suspicious—and many security tools allow them by default. Encrypted connections make it harder to inspect the content, and the familiar branding gives the message an added layer of credibility.
This tactic is effective because it blends in with everyday workflows. A file share link feels normal, especially if it’s framed as a contract, invoice, or shared HR document. That’s why it often gets past both technical defenses and human intuition. Without cloud-aware security controls or strong user training, it’s easy for one click to lead to compromise.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Free file host link with 'Important Viewing Note' lure
19h ago
Jul 15th, 2026
Sublime Security
Zoom Events newsletter abuse
8d ago
Jul 8th, 2026
Sublime Security
Open redirect: JustPaste.it
14d ago
Jul 2nd, 2026
Sublime Security
Attachment: Romance scam with image lure and advance-fee or suspicious link indicators
15d ago
Jul 1st, 2026
Sublime Security
Link: Google Cloud Storage link with index.php in URL
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage redirect to external domain
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage with short-path link delivery
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage link with redirect.html in URL
16d ago
Jun 30th, 2026
Sublime Security
Cloud storage impersonation with credential theft indicators
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage hosted credential harvesting page
16d ago
Jun 30th, 2026
Sublime Security
Link: Free file host links from suspicious support sender with credential theft language
21d ago
Jun 25th, 2026
Sublime Security
Service abuse: DocSend share from an unsolicited reply-to address
28d ago
Jun 18th, 2026
Sublime Security
Brand impersonation: Fake Fax
29d ago
Jun 17th, 2026
Sublime Security
Impersonation: Fake product discount promotion
30d ago
Jun 16th, 2026
Sublime Security
Link: Document sharing invitation template
1mo ago
Jun 12th, 2026
Sublime Security
Attachment: PDF with self-service platform links with self sender or blank recipients
1mo ago
Jun 10th, 2026
Sublime Security
Brand impersonation: Microsoft with low reputation links
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: Linode Objects HTML file hosting
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: Citrix ShareFile impersonation via Outlook plugin
1mo ago
Jun 5th, 2026
Sublime Security
Service abuse: Google OAuth with suspicious redirect destination
1mo ago
May 27th, 2026
Sublime Security