This attack starts with creating a Google document directly sent to the user via email from this spoofed [email protected] address.
Check Point researchers have discovered a new phishing scam campaign that distributes illegitimate URLs by exploiting Google Docs, with the aim of stealing the victim’s cryptocurrency credentials.
According to a research report authored by Jeremy Fuchs, a cybersecurity researcher, and analyst at Check Point Software, and shared with Hackread.com, Google Docs is the latest attack vector phishers are using to redirect users to credential harvesting sites.
Hackers Exploiting Google Docs Services to Distribute Malicious URLs
Check Point researchers observed that legit services of Google Docs are being exploited to send illegitimate messages or URLs, such as the email, pages, and comment features in Google Docs, which indicates the evolving nature of Business Email Compromise (BEC) campaigns.
Dubbing the campaign BEC 3.0, researchers wrote that using legit sites makes it easier for attackers to make their phishing attempts successful because it doesn’t raise any suspicion. In an attack analyzed by Check Point’s team, hackers sent links redirecting to bogus cryptocurrency sites.
How Does The Attack Occur?
This attack starts with creating a Google document directly sent to the user via email from this address: [email protected]. After clicking on the link included in the email, the user is redirected to a legit Google Docs page, supposedly a OneDrive knockoff page, and that’s where the user gets tricked and is made to visit a fake cryp ..
Support the originator by clicking the read the rest link below.
