Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
Cybercriminals are increasingly exploiting Google Services to conduct phishing and business email compromise (BEC) attacks, according to research firm Armorblox. Attackers are leveraging services provided by Google, such as Forms, Firebase, Docs, and more. A report from Armorblox shows how Google Forms and Docs are being used by malicious actors to convey a sense of legitimacy to their targets.
Utilizing a legit service also allows attackers’ phishing attempts to bypass many security filters and evade detection. As the COVID-19 pandemic has forced employees to transition to working from home, Google Services have been used by organizations at a higher rate. One campaign related to this discovery includes a Google Form with an American Express logo in an attempt to get victims to enter sensitive banking information.