Cloud services provide a new channe

Cloud services provide a new channel through which social
engineers can conduct attacks on the knowledge worker.
Knowledge workers frequently collaborate with others who do
not work at the same location. Sharing information on a cloud
service has therefore become popular. In this scenario, an
attacker exploits this situation and uses the cloud as a channel
for the social engineering attack. Recent publications
described a variety of possible attacks in the cloud, e.g., an
attacker placing a malicious file into another user's cloud as
described by Gruschka and Jensen (2010) and then using social
engineering to make them execute the malicious file. A malicious
piece of software can also be used to extract personal
information from the victim's account, which is then used to
perform more targeted attacks. Mulazzani et al. (2011) provide
countermeasures to reduce the risk by preventing the attacker
from placing malicious files on Dropbox, one of the currently
most commonly used cloud services. The level of trust between
users of a shared directory or file is not always as high
as desired. Social engineers can exploit this fact by using a
fake identity or a compromised user account to invite the
victim to share specific information with the attacker in the
cloud. According to Roberts and Al-Hamdani (2011), one of the
biggest weaknesses of cloud services is that the users e
companies and individual users e lose control over their data
when they store and access it remotely. On traditional servers
that are owned by a company itself, it can restrict access and
define customized access policies. In cloud services, the responsibility
for that is shifted to a third party. Therefore, if a
cloud service is to be used for the exchange of sensitive information,
a certain level of trust must be established not only
between collaborating users, but also between the cloud
hosting company and the user. The most commonly observed
attacks on cloud services are spear-phishing and APTs