Security News > 2020 > May > ‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials

"Hack-for-hire" organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims' Google credentials.

Researchers with Google's Threat Analysis Group warned that they've spotted a spike in activity from several India-based firms that have been creating Gmail accounts that spoof the World Health Organization to send coronavirus-themed phishing emails.

These websites purport to be fake login pages, that then convince victims to hand over their Google account credentials and personal identifiable information, like their phone numbers.

The accounts have largely targeted business leaders in financial services, consulting and healthcare corporations within numerous countries, including the U.S., - as well as Bahrain, Canada, Cyprus, India, Slovenia and the U.K. Over the last months, Google said they sent 1,755 warnings to users whose accounts were targets of government-backed attackers in coronavirus-related campaigns.

Another top trend that researchers highlighted as part of their Q1 2020 TAG bulletin is a spike in influence campaigns launched via YouTube, Google AdSense, Google Play and advertising accounts.

News URL

https://threatpost.com/hack-hire-spoof-who-google-credentials/156100/