Cybercriminals started using Google services more often in phishing campaigns


Security researchers have reported an increase in cyberattacks using Google services in phishing campaigns, as a tool to bypass security and steal credentials, credit cards, and other personal information.

The Armorblox team analysed five phishing campaigns, which they call “the top of the deep iceberg”. The attacks exploit features of several Google services, including Google Forms, Google Docs, Google Sites and Firebase, Google’s mobile application development platform.

“Google offers all of these services to make it much easier to build applications. This actually encourages attackers to switch to Google instead of developing the site on their own … in a sense, it also adds credibility to phishing sites hosted by Google,” the experts said.

For example, one of the phishing emails was sent ostensibly on behalf of American Express employees and informed recipients that they did not provide information when verifying their card. The link in the email redirects the user to a page where they can enter their data. The page is hosted on Google Forms, carries American Express branding and prompts the victim for credentials, credit card details, and even the mother’s maiden name (a common security question).

In another attack, criminals impersonated an enterprise security team by sending an email informing the victim that they did not receive a “critical” message due to a storage quota problem. The email contains a link where they can allegedly verify their details and restart email delivery. The URL redirects to a fake login page hosted on Firebase, where the victim sees their email address pre-filled above the password prompt.

“Mimicking the ‘quick fill’ methods used on forms on legitimate websites is commonly used by cybercriminals to create a false sense of security for victims,” say Armorblox specialists.

The URL goes through one redirect before reaching the Firebase page, hiding the attack from any security technology that might try to track it down.
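A defender-side check for the pattern described above, as an added example that is not from Armorblox or the original article: it evaluates a link by where its redirect chain ends rather than by the first URL. The hosting suffixes, the sample chain, and the assumption that the pre-filled address travels in the URL query or fragment are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Hosts serving user-built content for the Google services named in the article
# (Forms and Docs on docs.google.com, Sites, Firebase Hosting).
GOOGLE_HOSTED = ("docs.google.com", "sites.google.com", "firebaseapp.com", "web.app")

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def on_google_hosting(url):
    """True if the URL's host is one of the hosting suffixes or a subdomain of one."""
    host = host_of(url)
    return any(host == s or host.endswith("." + s) for s in GOOGLE_HOSTED)

def carries_recipient(url, recipient):
    """True if the recipient's address appears in the query or fragment.
    Assumption: this is how the landing page pre-fills the email field."""
    parts = urlsplit(url)
    return recipient.lower() in unquote(parts.query + "#" + parts.fragment).lower()

def assess_link(chain, recipient):
    """chain: ordered URLs from the link in the email to the final landing page.
    Returns review signals for an analyst, not a verdict."""
    reasons = []
    first, last = chain[0], chain[-1]
    if on_google_hosting(last):
        reasons.append("lands on Google-hosted user content")
        if host_of(first) != host_of(last):
            reasons.append("reached through redirect from " + host_of(first))
    if any(carries_recipient(u, recipient) for u in chain):
        reasons.append("recipient address passed in URL")
    return reasons

# Constructed sample: one redirect hop, then a Firebase-hosted page.
PHISH_CHAIN = [
    "https://mail-quota.example/r?u=alice%40corp.example",
    "https://storage-alert-0000.web.app/login#alice@corp.example",
]

if __name__ == "__main__":
    for reason in assess_link(PHISH_CHAIN, "alice@corp.example"):
        print("signal:", reason)
```

A mail gateway that only inspects the first URL sees `mail-quota.example`; the signals come from resolving the chain before judging the link.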

Let me remind you that I also talked about the fact that Google cloud services are used for phishing.

By Vladimir Krasnogolovy
