Phishing Campaigns Exploit Vercel's Free Hosting Platform
Severity: Medium (Score: 51.9)
Sources: Kaseya
Keywords: three, phishing, campaigns, abusing, vercel, free, hosting
Severity indicators: rce, pla
Summary
Cybercriminals have launched three phishing campaigns utilizing Vercel's free hosting service to distribute malicious content. The attacks leverage familiar platforms like Zoom and ConnectWise ScreenConnect to send fraudulent SSA alerts, tricking users into providing sensitive information. The campaigns are characterized by their sophisticated tactics, exploiting trust and human instinct. Organizations using these platforms are particularly at risk, as the phishing attempts aim to deceive users into believing they are legitimate communications. INKY has observed these evolving threats, highlighting the need for enhanced email security measures. The full scope of the impact remains unclear, but the potential for widespread user compromise is significant. Current status indicates ongoing monitoring of these phishing activities.
Key Points:
- Phishing campaigns are exploiting Vercel's free hosting platform.
- Attackers use familiar services like Zoom to send fraudulent alerts.
- Organizations must enhance email security to combat these evolving threats.
Detailed Analysis
**Impact** Multiple phishing campaigns have targeted users by exploiting Vercel's free hosting platform to host malicious content. The campaigns affect organizations relying on trusted communication channels, particularly those using Zoom and ConnectWise ScreenConnect, where fake SSA alerts were used to deceive users. Specific sectors, geographic regions, and the scale of affected entities are not detailed in the available information. The primary risk involves credential theft and potential unauthorized access due to successful phishing.

**Technical Details** Attackers leveraged Vercel's free hosting service to deploy phishing pages, using social engineering tactics that mimic legitimate alerts from Zoom and ConnectWise ScreenConnect. The campaigns involved sending fake SSA alerts to trick users into interacting with malicious content. No malware, CVEs, or detailed infrastructure indicators of compromise (IOCs) are provided in the source material. The attacks primarily operate at the delivery and exploitation stages of the kill chain.

**Recommended Response** Defenders should enhance email security measures to detect and block phishing attempts, particularly those impersonating trusted platforms like Zoom and ConnectWise ScreenConnect. Monitoring for unusual use of Vercel-hosted URLs in inbound emails is advised. User awareness training focused on identifying fake alerts and suspicious links should be prioritized. No specific patches or IOCs are available for immediate blocking actions.
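
One way to implement the monitoring of Vercel-hosted URLs in inbound email recommended above, as an added example that is not code from Kaseya or INKY. It assumes Vercel deployments are served from `*.vercel.app` subdomains; the lure terms, verdict names and sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: Vercel deployments are reachable on *.vercel.app subdomains.
HOSTING_SUFFIXES = (".vercel.app",)
# Lure terms taken from the brands named in the brief; tune for your mail flow.
LURE_TERMS = ("zoom", "screenconnect", "connectwise", "ssa", "social security")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def url_hosts(msg):
    """Collect lower-cased hostnames of every URL in the text and HTML parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            if host:
                hosts.add(host.lower().rstrip("."))
    return hosts

def triage(raw_bytes):
    """Score one raw RFC 5322 message: 'escalate', 'review' or 'pass'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hosted = sorted(h for h in url_hosts(msg) if h.endswith(HOSTING_SUFFIXES))
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    lures = sorted(t for t in LURE_TERMS if re.search(rf"\b{re.escape(t)}\b", headers))
    verdict = "escalate" if hosted and lures else "review" if hosted else "pass"
    return {"verdict": verdict, "hosts": hosted, "lures": lures}

# Constructed sample messages (not taken from the reported campaigns).
SAMPLE_PHISH = (
    b'From: "Zoom Notifications" <alerts@mailer.example>\r\n'
    b"Subject: Your SSA statement is ready\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p><a href="https://example-ssa-notice.vercel.app/view">View</a></p>\r\n'
)
SAMPLE_BENIGN = (
    b"From: it@corp.example\r\nSubject: Patch window\r\n"
    b"Content-Type: text/plain\r\n\r\nDetails: https://intranet.corp.example/p\r\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

Matching on the `.vercel.app` suffix rather than a substring keeps hosts such as `vercel.app.lookalike.example` out of the results; a "review" verdict alone is expected for legitimate Vercel-hosted links and should feed allow-listing rather than blocking.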
Source articles (2)
- Three phishing campaigns abusing Vercel's free hosting platform — Kaseya · 2026-06-10
Timeline
- 2026-06-10 — Phishing campaigns reported: Three phishing campaigns abusing Vercel's free hosting platform were identified, targeting users with fake alerts.
- Recent — Ongoing monitoring by INKY: INKY continues to observe these phishing threats as they evolve, emphasizing the need for vigilance.
Related entities
- Phishing (Attack Type)
- T1566 - Phishing (Mitre Attack)
- Kaseya 365 (Platform)
- Zoom (Platform)
- Vercel (Company)
- ConnectWise ScreenConnect (Tool)