Blog

Cybercriminals are using Google services more often in phishing campaigns

Cybercriminals are using Google services more often in phishing campaigns

Cybercriminals …Security analysts have detailed an expansion in cyberattacks utilizing Google administrations as a weapon to sidestep security and take certifications, charge cards, and other individual data.

The Armorblox team analyzed five phishing campaigns, which they call the “tip of the deep iceberg”.  The attacks exploit features of several Google services, including Google Forms, Google Docs, Google Site,

and Firebase, Google’s mobile app development platform.

“Google offers all of these services to make it much easier to build applications.  This actually encourages attackers to switch to Google instead of developing the site on their own … in a sense, it also adds credibility to phishing sites hosted by Google, ”the experts said.

For example, one of the phishing emails was sent allegedly on behalf of American Express employees and informed the recipients

Cybercriminals are using Google services more often in phishing campaigns
Cybercriminals are using Google services more often in phishing campaigns

 

that they did not provide information when checking their card.  The link in the letter redirects the user to a page where he can enter his data.  The page is hosted on Google Forms, branding American Express and prompting the victim for credentials, credit card details, and even the mother’s maiden name (a common security question).

In another attack, criminals posed as an enterprise security team by email informing the victim that they had not received

a “critical” message due to a storage quota problem.  then The email contains a link where they can allegedly verify their

details and restart email delivery.  The url redirects to a fake login page hosted on Firebase, where the victim sees their email address pre-filled above the password prompt.

Mimicking the “quick fill” methods used on forms on legitimate websites is commonly used by cybercriminals to create a false

sense of security for victims.  The URL goes through one redirect before reaching the Firebase page,

hiding the attack from any security technology that might try to track it down.

You can also buy instant:

Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us

Leave a Reply