Security News > 2021 > February > Microsoft Office 365 Attacks Sparked from Google Firebase

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said.
Clicking the thumbnail or "View File" link leads to the final phishing page, which asks victims to log in with their Microsoft credentials and to provide alternate email addresses or phone numbers, an effort to collect data that could be used to get around two-factor authentication or account recovery mechanisms.
"Microsoft assigned a Spam Confidence Level of '1' to this email, which meant that Microsoft did not determine the email as suspicious and delivered it to end-user mailboxes."
Interestingly, by hosting the phishing page HTML on Google Firebase, an inherently trusted domain, the emails were able to nip past built-in Microsoft security filters, including Exchange Online Protection and Microsoft Defender for Office 365.
Firebase has been leveraged in previous attacks; for instance, last year a series of phishing campaigns using Google Firebase storage URLs surfaced, showing that cybercriminals continue to leverage the reputation of Google's cloud infrastructure to dupe victims and skate by secure email gateways.
For better protection against email-borne threats, employees should be trained to engage with emails related to money and data with an "Eye test" that includes inspecting the sender name, sender email address, language within the email and any logical inconsistencies within the email, according to Armorblox.
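Because the filter verdict alone did not catch these messages, a mail team can add a secondary check for delivered mail that links to Firebase-hosted content. The sketch below is an added example, not code from Armorblox or the article; the Firebase host suffixes, the use of the `X-MS-Exchange-Organization-SCL` header as the SCL source, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts serving Firebase Storage / Hosting content (assumed list, not from the article).
FIREBASE_SUFFIXES = ("firebasestorage.googleapis.com", "web.app", "firebaseapp.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
SCL_HEADER = "X-MS-Exchange-Organization-SCL"  # spam confidence level stamped by Exchange

# Constructed sample message, not taken from the campaign.
SAMPLE = """\
From: "Payments" <billing@example.test>
To: user@example.test
Subject: Payment invoice
X-MS-Exchange-Organization-SCL: 1
Content-Type: text/html; charset="utf-8"

<a href="https://firebasestorage.googleapis.com/v0/b/example-bucket/o/view.html?alt=media">View File</a>
<a href="https://firebasestorage.googleapis.com.example.test/x">lookalike, not Firebase</a>
"""

def is_firebase_host(url):
    """True only when the URL's hostname is, or is a subdomain of, a Firebase suffix."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL such as an unterminated IPv6 literal
        return False
    return any(host == s or host.endswith("." + s) for s in FIREBASE_SUFFIXES)

def firebase_links(msg):
    """Collect Firebase-hosted URLs from every text part of a parsed message."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        found += [u for u in URL_RE.findall(body) if is_firebase_host(u)]
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

def triage(raw):
    """Mark for review: mail the filter did not score as spam (SCL <= 1) with a Firebase link."""
    msg = message_from_string(raw)
    try:
        scl = int(msg.get(SCL_HEADER, "").strip())
    except ValueError:
        scl = None  # header missing or unparsable
    links = firebase_links(msg)
    return {"scl": scl, "links": links, "review": bool(links) and (scl is None or scl <= 1)}
```

A hit is a prompt for analyst review or sandboxing rather than a block verdict, since legitimate applications also serve content from these hosts.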
News URL
https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/