fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google’s Free Services Are Now Phishing Campaign’s Best Friends

Google’s Free Services Are Now Phishing Campaign’s Best Friends

Threat actors are abusing Google’s free productivity tools and services to create convincing phishing campaigns that steal your credentials or trick you into installing malware.

Google offers a wide array of free software and services that allow users to create documents, spreadsheets, online forms, and free websites. These tools are used by students, teachers, consumers, and the enterprise as an easy way to share documents, conduct surveys, or even create sites for free.

Unfortunately, if a service is free for us, it is also free for threat actors to abuse them as they see fit.

Threat actors abuse Google services for free

In a new report by email security firm Armorblox, researchers illustrate how threat actors are creating elaborate phishing campaigns using Google services that not only look convincing but also evade detection.

The first Google tool we will look at is the free form creation service called Google Forms that lets anyone create free online surveys that can then be sent to other users.

Threat actors, though, are abusing Google Forms to create elaborate forms that attempt to steal your credentials, like the fake American Express account recovery form below. Threat actors can then collect any submitted information at a later date.

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

American express phishing form on Google Forms
American express phishing form on Google Forms
Source: Armorblox

Google Firebase is a developer platform used to create mobile and web applications hosted in the cloud.

Threat actors are using Firebase to create phishing landing pages that can include images, dynamic content, and process forms. As Firebase pages utilize a generic https://firebasestorage.googleapis.com URL, Armorblox states they will not be “blocked by any security filters due to its inherent legitimacy.” 

Below you can see a phishing email login form created on Firebase.

Phishing form created with Google's Firebase service
Phishing form created with Google’s Firebase service
Source: Armorblox

Google offers a free web hosting platform called Google Sites that allows users to create simplistic web sites that are served from the sites.google.com domain.

In an example shared by Armorblox, we can see a Google Sites page that hosts a fake Microsoft sign-in form to steal a user’s Microsoft account credentials.

Google Sites phishing landing page
Google Sites phishing landing page
Source: Armorblox

Finally, the most common Google service being used in phishing scams is Google Docs. Not only is this service used to redirect recipients to credential theft and accounting scams, but also to deliver malware.

As Google Docs is so heavily used, almost all new documents will bypass secure email gateways until they have been identified as malicious.

“Since Google Docs is ever present in our daily lives, the average recipient wouldn’t be surprised to see a Google Docs link in an email from a colleague. It won’t be blocked by any email security filter either – not on Day 0, at any rate. Using a Google Doc in this email is meant to trick both the recipient’s eye test and traditional security layers,” Armorblox explains in their report.

For example, you can see a fake ‘payslip’ download page that redirects users to a page that steals credentials.

Google Docs phishing page
Google Docs phishing page
Source: Armorblox

Google docs is also heavily used in BazarLoader malware campaigns as an intermediary page to download malware disguised as invoices, COVID-19 information, and other types of documents.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

BazarLoader Google Docs phishing page
BazarLoader Google Docs phishing page
Source: BleepingComputer

While this report focused on the abuse of Google services, threat actors also utilize free services from other companies, including Dropbox, Canva, and Azure.

To protect yourself from phishing scams like these, Armorblox recommends that you:

  • Follow 2FA and password management best practices
  • Subject sensitive emails to rigorous eye tests, especially when related to money.
  • Create your own lines of authentication
  • Augment native email threat detection with additional controls

Even if you follow all of these recommendations, it is critical to treat all emails with links and attachments as suspicious.

Don’t simply click on links or open attachments, instead scan them first or check with your network administrator if you’re not sure. It is also always good to call the sender by phone to confirm if they sent the email.

Just be sure not to use the phone number listed in the email, as it could be the threat actor’s number instead.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us