Security News > 2023 > September > Google Looker Studio abused in cryptocurrency phishing attacks
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.
Check Point researchers have discovered that hackers are exploiting the trusted service of Google Looker Studio to craft cryptocurrency phishing pages.
The phishing emails supposedly originate from Google and include the tech giant's letterhead, informing the recipient that as part of their participation in the firm's premium cryptocurrency insights and trading strategies program, they have won roughly 0.75 Bitcoin.
Clicking on the URL leads victims to phishing pages that host a Google Slideshow promising cryptocurrency winnings, but on this step, the amount has been raised to 1.35 BTC. The visitor is requested to enter their crypto wallet login details to receive the amount, and a timer introduces urgency to the whole process and makes it easier to miss obvious signs of fraud.
Google says users can report malicious content and phishing pages on Google Looker Studio via their reporting tool.
Threat actors abuse Google AMP for evasive phishing attacks.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)