Google's free services are exploited by hackers for phishing campaigns

Google offers a variety of free software and services that allow users to create documents, spreadsheets, forms online and websites for free. These tools are used by students, teachers, consumers, and businesses for purposes such as sharing documents, conducting surveys or creating websites.

Unfortunately, these free services are also used by hackers to commit nefarious acts.

In a new report published by email security firm Armorblox, researchers said that thanks to Google services, hackers can create sophisticated phishing campaigns that are difficult to detect or look very convincing. .

The first tool of Google to be exploited by hackers is Google Forms free form creation service. Anyone can create a free online survey form using Forms and then send it out to other users.

According to the researchers, hackers are also using Forms to create complex forms to steal user credentials. You can see the form to recover a fake American Express account below. Using these forms, the hacker can collect all the information the victim entered.

Google's free services are exploited by hackers for phishing campaigns Picture 1

Next is Google Firebase, a platform that allows developers to create web and mobile applications that are hosted on cloud storage. Hackers can use Firebase to create phishing sites that include images, dynamic content, and forms.

Since Firebase sites use the generic https://firebasestoreage.googleapis.com URL, they are listed as clean URLs, and will not be blocked by any security filters. Below is a phishing email login form generated by Firebase.

Google's free services are exploited by hackers for phishing campaigns Picture 2

Google offers a website hosting platform called Google Sites that allows users to create simple websites using the sites.google.com domain name. Below is a Google Sites page that spoofs Microsoft's login page to steal a user's Microsoft account and information.

Google's free services are exploited by hackers for phishing campaigns Picture 3

Finally, Google's most popular service being exploited by hackers is Google Docs. This service is used by hackers to scam, steal information and even trick users into installing malware.

Since Google Docs is so popular, victims will not be suspicious or alert when they see a Google Docs link in an email sent from a colleague. Besides, Google Docs is also not blocked by any email security filters. For example, you can see the fake pay stub download page in the photo below.

Google's free services are exploited by hackers for phishing campaigns Picture 4

Google Docs is also used in BazarLoader malware distribution campaigns as the middleware. Malware links are disguised as invoices, COVID-19 translation-related information and other documents.

Google's free services are exploited by hackers for phishing campaigns Picture 5

In addition to Google services, hackers also take advantage of free services from other companies including Dropbox, Canva and Azure.

To protect yourself, security experts recommend two-factor authentication and password management apps. You should double-check for suspicious emails and always scan the links for viruses before clicking them.

Lesley Montoya

Update 20 November 2020