Security News > 2020 > November > How phishing attacks are exploiting Google's own tools and services
A blog post published Thursday by cybersecurity firm Armorblox details how phishing campaigns are using some of the technologies available from Google and offers advice on how to protect yourself.
In the post entitled "OK Google, Build Me a Phishing Campaign," Armorblox's co-founder and head of engineering, Arjun Sambamoorthy, explains that Google is a ripe target for exploitation due to the free and democratized nature of many of its services.
Since Google's own domain and Google forms are both trustworthy, a typical security filter would let this email pass through.
The link in the email goes to a page hosted on Google Docs with the aim of tricking both the user and traditional security filters.
Did your HR rep just email you some payroll details with a Google Doc requesting more information urgently? Call or text the HR rep and confirm that they sent the email.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Samsung phone users under attack, Google warns (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)