Soldier
Essential
- Joined
- 20.10.20
- Messages
- 87
- Reaction score
- 642
- Points
- 83
Security researchers have reported an increase in cyber attacks using Google services as a weapon to circumvent security measures and steal credentials, credit card data and other personal information.
A team of experts from Armorblox analyzed five phishing campaigns, which they call the "tip of the deep iceberg". The attacks use features from several Google services, including Google Forms, Google Docs, Google Site, and Firebase, Google's mobile app development platform.
"Google offers all these services that make it much easier to create apps. This actually encourages attackers to switch to Google instead of developing the site themselves... in a sense, it also adds credibility to phishing sites hosted on Google, " the experts said.
For example, one of the phishing emails was sent allegedly on behalf of American Express employees and informed recipients that they did not provide information when checking their card. The link in the email redirects the user to a page where they can enter their data. The page is hosted on Google Forms, contains American Express branding, and prompts the victim to enter their credentials, credit card details, and even their mother's maiden name (a common security question).
In another attack, criminals posed as the enterprise security team with an email informing the victim that they had not received a "critical" message due to a storage quota issue. The email contains a link where they can supposedly check their details and restart email delivery. The URL redirects to a fake authorization page hosted on Firebase, where the victim sees their email address pre-filled in above the password request.
Imitating the "quick fill" methods used in forms on legitimate websites is commonly used by cybercriminals to create a false sense of security for victims. The URL goes through one redirect before reaching the Firebase page, hiding the attack from any security technology that might try to track it.
carding news cyber news cybercriminals cybercriminals news google news hacking news security news
A team of experts from Armorblox analyzed five phishing campaigns, which they call the "tip of the deep iceberg". The attacks use features from several Google services, including Google Forms, Google Docs, Google Site, and Firebase, Google's mobile app development platform.
"Google offers all these services that make it much easier to create apps. This actually encourages attackers to switch to Google instead of developing the site themselves... in a sense, it also adds credibility to phishing sites hosted on Google, " the experts said.
For example, one of the phishing emails was sent allegedly on behalf of American Express employees and informed recipients that they did not provide information when checking their card. The link in the email redirects the user to a page where they can enter their data. The page is hosted on Google Forms, contains American Express branding, and prompts the victim to enter their credentials, credit card details, and even their mother's maiden name (a common security question).
In another attack, criminals posed as the enterprise security team with an email informing the victim that they had not received a "critical" message due to a storage quota issue. The email contains a link where they can supposedly check their details and restart email delivery. The URL redirects to a fake authorization page hosted on Firebase, where the victim sees their email address pre-filled in above the password request.
Imitating the "quick fill" methods used in forms on legitimate websites is commonly used by cybercriminals to create a false sense of security for victims. The URL goes through one redirect before reaching the Firebase page, hiding the attack from any security technology that might try to track it.
carding news cyber news cybercriminals cybercriminals news google news hacking news security news