Phishing Security: Attackers Use Google Services to Bypass Security
Orhan Sari
Attackers have used a range of Google services, including Forms, Docs, and many others, to initiate phishing attacks and Business Email Compromise (BEC).
According to recent research, the recent increase in phishing and BEC attacks can be attributed to criminals' abuse of Google services.
With the Covid-19 pandemic, many organizations that adopted working from home started using Google products because they are free and simple. Realizing this, cyber attackers began working out how they could attack through Google. According to research, attackers use Google Forms, Google Docs, and many other services to bypass security filters and to make fake scenarios convincing to their targets.
Attackers have exploited the open nature of Google's ecosystem, in which an entire virtual office, complete with open APIs, program integrations, and developer tools, can exist.
1- Google Forms
In one attack, for instance, cyber attackers used a Google Form and an American Express logo to capture sensitive information. Research has shown that when the phishing link is hosted on a Google Form, the email bypasses any security filters that block known bad links or domains.
Since Google's domain is trusted and Google Forms are used by many organizations for various reasons, email security filters do not prevent this attack.
According to the study, Google Forms also helped attackers with their social engineering strategy. In another attack, researchers found that criminals used a fictitious letter from a childless widow looking for someone to inherit her wealth. In this attack, the link in the email redirects to a Google Form with an empty question field.
Although most people who review this content will understand that the form is fake, some may have fallen victim by focusing on the only option available in the form or by responding to the address provided in the email.
2- Google Docs and Other Services
According to research, Firebase, Google’s mobile platform, was also used to host a phishing page. For the reasons mentioned above, these attacks easily bypassed email filters, because many consider Firebase a reliable platform.
According to the researchers, in a payroll fraud scam hosted on Google services, a link in a fake email sent recipients to a Google Docs file to “confirm” their payment information.
In yet another attack, target users received an email from a fake IT team asking a colleague to review a secure message in Microsoft Teams. The link, however, leads to a web page with a fake Office 365 login portal hosted on Google Sites.
Researchers say the attack can go unnoticed, especially during rush hours such as the morning, when most people will assume this is an actual Microsoft page.
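The Forms and Google Sites lures above pass a reputation filter because the link host is trusted. The following added example (not from the article or the cited research) contrasts a blocklist-only check with a heuristic that flags a message naming a brand while linking to user-created content on Google hosting. The hostname list, brand map, blocklist entry and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed, non-exhaustive (host suffix, path prefix) pairs for Google-hosted user content.
UGC_SURFACES = [("docs.google.com", "/forms"), ("docs.google.com", "/document"),
                ("sites.google.com", "/"), ("drive.google.com", "/"),
                ("firebaseapp.com", "/"), ("web.app", "/")]
# Assumed brand keywords and the domains each brand legitimately links to.
MS = ("microsoft.com", "office.com", "microsoftonline.com")
BRANDS = {"american express": ("americanexpress.com",),
          "office 365": MS, "microsoft teams": MS}
BLOCKLIST = {"evil-login.example"}  # constructed known-bad domain
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def under(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def ugc_surface(url):
    """Name the Google user-content surface a URL lives on, or None."""
    path = urlparse(url).path or "/"
    for suffix, prefix in UGC_SURFACES:
        if under(host_of(url), suffix) and path.startswith(prefix):
            return suffix + prefix
    return None

def blocklist_verdict(body):
    """Reputation-only filter: True only when a link host is on the blocklist."""
    return any(under(host_of(u), bad) for u in URL_RE.findall(body) for bad in BLOCKLIST)

def mismatch_findings(body):
    """(brand, surface) pairs: a brand is named but the link is Google-hosted user content."""
    text = body.lower()
    return [(brand, ugc_surface(url))
            for url in URL_RE.findall(body) if ugc_surface(url)
            for brand, own in BRANDS.items()
            if brand in text and not any(under(host_of(url), d) for d in own)]

# Constructed sample messages modelled on the lures described above.
SAMPLES = {
    "form": "American Express: verify your card https://docs.google.com/forms/d/e/EXAMPLE/viewform",
    "sites": "IT: review a secure message in Microsoft Teams https://sites.google.com/view/example",
    "benign": "Team lunch survey https://docs.google.com/forms/d/e/EXAMPLE2/viewform",
    "known_bad": "Office 365 password expiry https://evil-login.example/o365",
}
```

The brand match is a plain keyword test on the message text, so it scores a message for review and cannot see a logo embedded as an image.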
3- Hijacking Google Services
The use of Google services to carry out malicious activity is starting to emerge as a full-fledged trend.
In early November, researchers uncovered 265 Google Forms attacks impersonating brands such as AT&T, Citibank, and Capital One. Attacks targeting government agencies, such as the Internal Revenue Service and the Mexican Government, were also exposed.
The forms were removed by Google after being reported by some researchers.
Scammers have also used the real Google Drive service to get victims to click on malicious links.
Previously, cyber attackers abused Google Calendar in a sophisticated attack that targeted mobile Gmail users with fake, unsolicited Google meeting notifications.
Google emphasizes that the company takes every precaution to keep malicious actors away from its platforms and is developing additional ways to prevent such attacks.
However, Google does not have the sole responsibility for security, and all organizations must take appropriate measures to protect sensitive data.
How to Stop These Attacks?
1- Use our Free Phishing Simulator for employees – Test your employees' phishing security vulnerability for free.
The Keepnet Free Phishing Simulator tool helps businesses train their employees to identify and report phishing attacks that bypass technological measures and reach users' inboxes.
2- Over a Hundred Phishing Email Templates
Using Keepnet phishing simulation software, organizations are able to schedule an unlimited number of simulated phishing tests, to evaluate their level of vulnerability. Extensive and customizable