Security News > 2020 > November > Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
2020-11-20 20:56

Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.

Armorblox co-founder and head of engineering Arjun Sambamoorthy just published a report detailing how now-ubiquitous services like Google Forms, Google Docs and others are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims.

"Hosting the phishing page on a Google Form helps the initial email evade any security filters that block known bad links or domains," according to Sambamoorthy.

"Since Google's domain is inherently trustworthy, and Google forms are used for several legitimate reasons, no email security filter would realistically block this link on 'day zero.'".

Sambamoorthy told Threatpost that the security responsibility does not rest on Google alone and that organizations should not rely solely on Google's security protections for their sensitive data.


News URL

https://threatpost.com/google-services-weaponized-to-bypass-security-in-phishing-bec-campaigns/161467/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4226 4525 728 9732