Phishing Security: Attackers Use Google Services To Bypass Security
Attackers used a range of Google Services, including Forms, Documents, and many other services, to initiate phishing attacks and Business Email Compromise (BEC) attacks.
According to recent research, the recent increase in phishing and BEC attacks can be attributed to the abuse of Google Services by criminals.
With the Covid-19 pandemic, many organizations that adopted working from home started using Google products as a free and simple option. Realizing this, cyber attackers began working out how they could attack through Google. According to research, cyber attackers use Google Forms, Google Docs, and many other services to bypass security filters with fake scenarios and to convince their targets.
Cyber attackers have exploited the open nature of Google, especially since an entire virtual office, complete with open APIs, program integrations and developer tools, can exist within the Google ecosystem.
1- Google Forms
In one attack, for instance, cyber attackers used a Google Form and an American Express logo to capture sensitive information. Research has shown that when a phishing link is hosted on a Google Form, the email bypasses any security filters that block known bad links or domains.
Since Google's domain is trusted and Google Forms is used by many organizations for various reasons, no email security filter prevents this attack.
Phishing Security: Attackers Use Google Services to Bypass Security — Source: Armorblox.
According to the study, Google Forms helped attackers with their social engineering strategy. In another attack, researchers found that criminals used a fictitious letter from a childless widow looking for someone to inherit her wealth. In this attack, the link in the email redirects to a Google Form with an empty question field.
Although most people who review this content understand that the form is fake, some may have fallen victim by focusing on the only option available in the form or by responding to the address provided in the email.
2- Google Docs and Other Services
According to research, Firebase, Google’s mobile platform, was also used to host a phishing page. For the reasons mentioned above, these attacks easily bypassed email filters, because many consider Firebase a reliable platform.
According to the researchers, in a payroll fraud scam hosted on Google services, a link in a fake email sent recipients to a Google Docs file to “confirm” their payment information.
In yet another attack, target users received an email from a fake IT team asking a colleague to review a secure message in Microsoft Teams. However, the link leads to a web page with a fake Office 365 login portal hosted on Google Sites.
Researchers say the attack can go unnoticed, especially during rush hours such as the morning, when most people will assume this is an actual Microsoft page.
3- Hijacking Google Services
The use of Google Services to carry out malicious activity is starting to emerge as a full-fledged trend.
In early November, researchers uncovered 265 Google Forms attacks impersonating brands such as AT&T, Citibank, and Capital One. Attacks by these malicious actors, including attacks targeting government agencies such as the Internal Revenue Service and the Mexican Government, have also been exposed.
The forms were removed by Google after being reported by some researchers.
Scammers also used the real Google Drive service to get victims to click on malicious links.
Previously, cyber attackers had abused Google Calendar in a sophisticated cyberattack targeting mobile Gmail users via fake, unsolicited Google meeting notifications.
Google emphasizes that the company takes every precaution to keep malicious actors away from its platforms and is developing additional ways to prevent such attacks.
However, Google does not have the sole responsibility for security, and all organizations must take appropriate measures to protect sensitive data.
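The filtering gap described above, as an added example that is not from the original article or the research it cites: a filter that only compares link hosts with a blocklist passes Google-hosted lures, while a check that pairs a user-content link with a brand or data-request cue flags them. The host list, brand cues, keyword pattern and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of Google hosts that serve user-created content.
UGC_HOSTS = {"docs.google.com", "forms.gle", "sites.google.com",
             "drive.google.com", "firebasestorage.googleapis.com"}
UGC_SUFFIXES = (".web.app", ".firebaseapp.com")  # Firebase Hosting subdomains
# Brands the article reports being impersonated, used here as cue words.
BRANDS = ("american express", "office 365", "microsoft", "at&t", "citibank")
SENSITIVE = re.compile(r"password|sign[ -]?in|log[ -]?in|card number|"
                       r"payment (info|details)|verify your", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def link_hosts(body):
    """Lower-cased hostnames of every http(s) link in the message body."""
    return [h for h in (urlsplit(u).hostname for u in URL_RE.findall(body)) if h]

def is_google_ugc(host):
    return host in UGC_HOSTS or host.endswith(UGC_SUFFIXES)

def reputation_filter(body, blocklist):
    """Baseline: block only when a link's host is on a known-bad list."""
    return any(h in blocklist for h in link_hosts(body))

def triage(body):
    """Reasons to quarantine: a user-content link plus a brand or data-request cue."""
    if not any(is_google_ugc(h) for h in link_hosts(body)):
        return []
    text = body.lower()
    reasons = [f"brand:{b}" for b in BRANDS if b in text]
    if SENSITIVE.search(body):
        reasons.append("requests-sensitive-data")
    return reasons

# Constructed sample messages (not taken from the research cited above).
BLOCKLIST = {"known-bad.example"}
SAMPLES = {
    "amex_form": "American Express: verify your card number at "
                 "https://docs.google.com/forms/d/e/EXAMPLE-ID/viewform",
    "teams_lure": "IT team: review a secure Microsoft Teams message, sign in at "
                  "https://sites.google.com/view/example-portal",
    "lunch_poll": "Pick a date for the team lunch: https://forms.gle/EXAMPLE",
    "old_school": "Reset your password at http://known-bad.example/login",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, reputation_filter(body, BLOCKLIST), triage(body))
```

The ordinary Google Forms poll produces no reasons, so legitimate use of the service is not quarantined on the host alone.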
How to Stop These Attacks?
1- Use our Free Phishing simulator for employees — Test your employee’s phishing security vulnerability for free.
Keepnet Free Phishing simulator tool helps businesses train their employees to identify and report phishing attacks that bypass technological measures and reach users' inboxes.
2- Over a Hundred Phishing Email Templates
Using Keepnet phishing simulation software, organizations are able to schedule an unlimited number of simulated phishing tests, to evaluate their level of vulnerability. Extensive and customizable
3- Try our free phishing awareness training.