Security News > 2020 > November > Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.
Armorblox co-founder and head of engineering Arjun Sambamoorthy just published a report detailing how now-ubiquitous services like Google Forms, Google Docs and others are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims.
"Hosting the phishing page on a Google Form helps the initial email evade any security filters that block known bad links or domains," according to Sambamoorthy.
"Since Google's domain is inherently trustworthy, and Google forms are used for several legitimate reasons, no email security filter would realistically block this link on 'day zero.'".
Sambamoorthy told Threatpost that the security responsibility does not rest on Google alone and that organizations should not rely solely on Google's security protections for their sensitive data.
News URL
Related news
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)