Security News > 2024 > August > New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
2024-08-08 09:41

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.

"The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said.

"Another thing that makes Google Drawings appealing in the beginning of the attack is that it allows users to include links in their graphics," Vamshi said.

"Such links may easily go unnoticed by users, particularly if they feel a sense of urgency around a potential threat to their Amazon account."

Users who end up clicking on the verification link are taken to a lookalike Amazon login page, with the URL crafted successively using two different URL shorteners - WhatsApp followed by qrco[.

The disclosure comes as researchers have identified a loophole in Microsoft 365's anti-phishing mechanisms that could be abused to increase the risk of users opening phishing emails.


News URL

https://thehackernews.com/2024/08/new-phishing-scam-uses-google-drawings.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Whatsapp 5 1 11 13 16 41