Security News > 2024 > August > New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
"The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said.
"Another thing that makes Google Drawings appealing in the beginning of the attack is that it allows users to include links in their graphics," Vamshi said.
"Such links may easily go unnoticed by users, particularly if they feel a sense of urgency around a potential threat to their Amazon account."
Users who end up clicking on the verification link are taken to a lookalike Amazon login page, with the URL crafted successively using two different URL shorteners - WhatsApp followed by qrco[.
The disclosure comes as researchers have identified a loophole in Microsoft 365's anti-phishing mechanisms that could be abused to increase the risk of users opening phishing emails.
News URL
https://thehackernews.com/2024/08/new-phishing-scam-uses-google-drawings.html
Related news
- PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (source)
- CrowdStrike Warns of New Phishing Scam Targeting German Customers (source)
- OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (source)
- AI-fueled phishing scams raise alarm ahead of U.S. presidential election (source)
- Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)