CyberNews Briefs

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Cybercriminals are increasingly exploiting Google Services to conduct phishing and business email compromise (BEC) attacks, according to research firm Armorblox. Attackers are leveraging services provided by Google, such as Forms, Firebase, Docs, and more. A report from Armorblox shows how Google Forms and Docs are being used by malicious actors to convey a sense of legitimacy to their targets.

Utilizing a legit service also allows attackers’ phishing attempts to bypass many security filters and evade detection. As the COVID-19 pandemic has forced employees to transition to working from home, Google Services have been used by organizations at a higher rate. One campaign related to this discovery includes a Google Form with an American Express logo in an attempt to get victims to enter sensitive banking information.

Read More: Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.