3 Recent Attacks Where Phishers Abused Google’s Services


In a recent blog post, I discussed seven instances in which digital attackers abused Microsoft to launch phishing campaigns in recent years. The reality is that Microsoft is just one of the many companies targeted by phishers. Email attackers misuse the services of others, too.

Take Google as an Example

Attackers have a history of abusing Google’s services. Back in May 2020, for instance, Trustwave SpiderLabs detected multiple phishing attempts abusing Google Firebase, a mobile and web application development platform which provides secure uploads and downloads for supported apps. Some of those attack attempts used the pandemic and Internet banking as lures to trick victims into clicking on a fake vendor payment form that redirected them to a phishing page hosted on Firebase Storage. Others used an Office 365 phishing lure to redirect victims to an Office 365 phishing page hosted on Firebase.

Several months after that, Threatpost reported on a campaign in which digital attackers used Google Forms to create phishing landing pages masquerading as the login pages for more than 25 different entities. Security researchers detected a total of more than 250 different pages created using Google Forms as part of the campaign. More than 70% of those fake login pages impersonated AT&T, while the others claimed to belong to various financial organizations, collaboration apps, and government agencies.

It was about a month later when Zix | AppRiver detected an email that came from someone named “Diana.” Using the subject line “Re-validation,” the message claimed to be official correspondence from Microsoft Exchange requiring recipients to upgrade to the “latest e-mail Outlook Web Apps 2020.” The email contained an “UPGRADE” link that, when clicked, redirected victims to a file hosted via Google Docs and disguised as an OWA login portal.

Google’s Upcoming 2SV Auto-Enroll Drive

In response to the attacks discussed above, among others, Google is taking steps to protect its users. One of its most recent initiatives involves an effort to auto-enroll 150 million user accounts into its two-step verification (2SV) feature. As part of that drive, the tech giant announced its intention to require two million YouTube creators to turn on the feature, as well.

“We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term,” Google explained in a blog post. “Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV. To make sure your account has the right settings in place, take our quick Security Checkup.”

How to Defend Against Email Attacks Abusing Google

Organizations can take several steps to defend themselves against email attacks abusing the services of Google and other tech providers. First, they can use security awareness training to educate their users about new email attacks. They can also highlight the point that Google intends to “auto-enroll” users into its 2SV feature, which means users won’t have to do anything on their end. As such, organizations can educate employees to be wary of emails that pose as Google and tell recipients that they need to activate 2FA on their accounts.

That’s not all organizations can do. They can also emphasize the importance of users logging into their web accounts by visiting a website directly and avoiding links embedded in emails, and suggest that employees proactively enroll in 2FA schemes on whichever accounts they can. Finally, they can use a security solution to scan incoming emails on multiple layers.
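
One such scanning layer can look for the pattern shared by the three campaigns above: a message that names another brand while its link points at Google-hosted content. The sketch below is an added example, not code from the article or from any vendor; the hostnames, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: public hosts of the Google services named in the article.
GOOGLE_HOSTING = {
    "firebasestorage.googleapis.com": "Firebase Storage",
    "docs.google.com": "Google Docs / Forms",
}
# Hypothetical keyword list built from the brands the article says were impersonated.
BRAND_TERMS = re.compile(r"\b(?:office\s*365|outlook|microsoft|owa|at&t)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Decode and join every text/* part (plain and HTML)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def flag_message(raw_email):
    """Return (service, url) pairs when mail naming another brand links to Google hosting."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    claimed = " ".join([msg.get("From", ""), msg.get("Subject", ""), text])
    if not BRAND_TERMS.search(claimed):
        return []  # no impersonated brand named: ordinary document sharing
    hits = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host in GOOGLE_HOSTING:
            hits.append((GOOGLE_HOSTING[host], url))
    return hits

# Constructed sample modelled on the "Re-validation" email described above.
PHISH = """From: Diana <diana@mail.example>
Subject: Re-validation

Microsoft Exchange requires you to upgrade to the latest e-mail Outlook Web Apps 2020.
UPGRADE: https://docs.google.com/document/d/EXAMPLE_ID/edit
"""
# Constructed benign sample: a colleague sharing a document.
BENIGN = """From: Sam <sam@corp.example>
Subject: Draft agenda

Agenda for Thursday: https://docs.google.com/document/d/EXAMPLE_ID_2/edit
"""
```

A hit from flag_message is a signal for review or quarantine rather than a verdict, since legitimate mail can mention these brands and share Google-hosted files.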