Security News > 2023 > September > Google Looker Studio abused in cryptocurrency phishing attacks
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.
Check Point researchers have discovered that hackers are exploiting the trusted service of Google Looker Studio to craft cryptocurrency phishing pages.
The phishing emails supposedly originate from Google and include the tech giant's letterhead, informing the recipient that as part of their participation in the firm's premium cryptocurrency insights and trading strategies program, they have won roughly 0.75 Bitcoin.
Clicking on the URL leads victims to phishing pages that host a Google Slideshow promising cryptocurrency winnings, but on this step, the amount has been raised to 1.35 BTC. The visitor is requested to enter their crypto wallet login details to receive the amount, and a timer introduces urgency to the whole process and makes it easier to miss obvious signs of fraud.
Google says users can report malicious content and phishing pages on Google Looker Studio via their reporting tool.
Threat actors abuse Google AMP for evasive phishing attacks.
News URL
Related news
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)