Over the last few months, hackers have repeatedly been observed exploiting the online services of well-known hyperscalers such as Google to make phishing emails appear legitimate.
The abused services included PayPal, Microsoft SharePoint, AWS, Facebook Ads and various Google services such as Google Looker, Google Collection and Google Ads. With Google Groups, CPR has now identified another application from the global tech company that is being used for phishing spoofs. From the perspective of hackers, Google tools are particularly inviting for data theft because Google services are free and easy to use.
Google also has a variety of tools: from Docs to Sheets to Google Collection (which is already used for phishing) to Gmail or Forms, there are countless services from the Alphabet company. This is convenient for users, but also makes it easier for hackers to orchestrate social engineering and BEC 3.0 (Business Email Compromise 3.0) attacks. With the tools available, they are able to send legitimate messages via Google domains directly to users' inboxes and embed malicious content within them.
Hackers use Google Groups for phishing
The researchers at Check Point Harmony Email have now observed how hackers are also exploiting Google Groups to send fake emails, in this case in the name of the IT security provider McAfee. The attack begins with an email from Google, but leads to a fake website where login details are stolen. The phishing attempts are often not very convincing: they are full of errors, inconsistencies and a lot of misplaced equal signs, but they still demonstrate the consistently high level of ingenuity of cybercriminals.
In addition, one important aspect should not be forgotten: Exploiting Google Groups dramatically increases the likelihood that the phishing email will find its way into the inbox of potential victims, as the email is sent from a Google domain and is therefore prone to email security solutions are to classify them as trustworthy. Security administrators also cannot block Google, as its tools are used in everyday work in many organizations and companies. Ultimately, it is enough for just one person to click on a contaminated link for the fraud attempt to be profitable for the masterminds.
To protect against these attacks, security professionals can use the following technologies:
- AI-powered security defense, which can analyze and identify numerous phishing indicators to proactively thwart complex attacks.
- Comprehensive security solutions, which includes functions for scanning files and documents.
- A robust URL protection system, which performs in-depth scans and emulates websites for greater security.
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.