Security News > 2024 > August > New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
"The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said.
"Another thing that makes Google Drawings appealing in the beginning of the attack is that it allows users to include links in their graphics," Vamshi said.
"Such links may easily go unnoticed by users, particularly if they feel a sense of urgency around a potential threat to their Amazon account."
Users who end up clicking on the verification link are taken to a lookalike Amazon login page, with the URL crafted successively using two different URL shorteners - WhatsApp followed by qrco[.
The disclosure comes as researchers have identified a loophole in Microsoft 365's anti-phishing mechanisms that could be abused to increase the risk of users opening phishing emails.
News URL
https://thehackernews.com/2024/08/new-phishing-scam-uses-google-drawings.html
Related news
- New Google Pixel AI feature analyzes phone conversations for scams (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)