Security News > 2020 > November > How phishing attacks are exploiting Google's own tools and services

A blog post published Thursday by cybersecurity firm Armorblox details how phishing campaigns are using some of the technologies available from Google and offers advice on how to protect yourself.
In the post entitled "OK Google, Build Me a Phishing Campaign," Armorblox's co-founder and head of engineering, Arjun Sambamoorthy, explains that Google is a ripe target for exploitation due to the free and democratized nature of many of its services.
Since Google's own domain and Google forms are both trustworthy, a typical security filter would let this email pass through.
The link in the email goes to a page hosted on Google Docs with the aim of tricking both the user and traditional security filters.
Did your HR rep just email you some payroll details with a Google Doc requesting more information urgently? Call or text the HR rep and confirm that they sent the email.
News URL
Related news
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)