Crooks Tap Google Firebase in Fresh Phishing Tactic
Researchers have uncovered a new series of phishing campaigns that use Google Firebase storage URLs. They say the threat actors are leveraging the reputation of Google's cloud infrastructure to lure victims. The campaign begins with spam emails that prompt victims to click a Firebase link advertising false content. The link takes the target to a spoofed login page, typically for Office 365, Outlook, or banking apps. The credentials entered at this point are sent to the threat actors.
Google Firebase is a web application development platform, while its storage feature provides secure file uploads. Companies use Firebase storage to keep their data in a Google Cloud Storage bucket. Although the campaigns occurred on a global scale and across various industries, researchers have confirmed that the majority of successful attacks have been in Europe and Australia.
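For mail triage, the following added example (not from the researchers or the original article) parses a message and reports every link that points at Firebase Storage, decoding the bucket and object name from the URL. It assumes the standard Firebase Storage download host and `/v0/b/<bucket>/o/<object>` path layout; the sample message, bucket name and token are constructed, and treating an `.html` object as a hosted page is an assumed heuristic.

```python
import html
import re
from email import message_from_string
from email.policy import default
from urllib.parse import unquote, urlsplit

FIREBASE_HOST = "firebasestorage.googleapis.com"  # Firebase Storage download host
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
OBJ_RE = re.compile(r"^/v0/b/([^/]+)/o/(.+)$")    # /v0/b/<bucket>/o/<object>

# Constructed sample message (addresses, bucket and token are placeholders).
SAMPLE = """\
From: billing@example.com
To: user@example.org
Subject: Invoice ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p><a href="https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/docs%2Flogin.html?alt=media&amp;token=PLACEHOLDER">View document</a></p>
<p><a href="https://example.org/help">Help</a></p>
"""

def firebase_links(raw_message):
    """Return one finding per distinct Firebase Storage link in the text parts."""
    msg = message_from_string(raw_message, policy=default)
    findings, seen = [], set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = html.unescape(part.get_content())  # turn &amp; back into &
        for url in (u.rstrip(".,;)") for u in URL_RE.findall(body)):
            parts = urlsplit(url)
            if (parts.hostname or "").lower() != FIREBASE_HOST or url in seen:
                continue
            seen.add(url)
            m = OBJ_RE.match(parts.path)
            bucket, obj = (m.group(1), unquote(m.group(2))) if m else (None, None)
            findings.append({
                "url": url, "bucket": bucket, "object": obj,
                # Assumed heuristic: an HTML object is a page, not a file download.
                "serves_html": bool(obj) and obj.lower().endswith((".html", ".htm")),
            })
    return findings

if __name__ == "__main__":
    for finding in firebase_links(SAMPLE):
        print(finding)
```

A finding is a reason to inspect the message, not a verdict: legitimate applications also serve files from Firebase Storage.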