Google's free services are exploited by hackers for phishing campaigns
Google offers a variety of free software and services that allow users to create documents, spreadsheets, forms online and websites for free. These tools are used by students, teachers, consumers, and businesses for purposes such as sharing documents, conducting surveys or creating websites.
Unfortunately, these free services are also used by hackers to commit nefarious acts.
In a new report published by email security firm Armorblox, researchers said that thanks to Google services, hackers can create sophisticated phishing campaigns that are difficult to detect or look very convincing. .
The first tool of Google to be exploited by hackers is Google Forms free form creation service. Anyone can create a free online survey form using Forms and then send it out to other users.
According to the researchers, hackers are also using Forms to create complex forms to steal user credentials. You can see the form to recover a fake American Express account below. Using these forms, the hacker can collect all the information the victim entered.
Next is Google Firebase, a platform that allows developers to create web and mobile applications that are hosted on cloud storage. Hackers can use Firebase to create phishing sites that include images, dynamic content, and forms.
Since Firebase sites use the generic https://firebasestoreage.googleapis.com URL, they are listed as clean URLs, and will not be blocked by any security filters. Below is a phishing email login form generated by Firebase.
Google offers a website hosting platform called Google Sites that allows users to create simple websites using the sites.google.com domain name. Below is a Google Sites page that spoofs Microsoft's login page to steal a user's Microsoft account and information.
Finally, Google's most popular service being exploited by hackers is Google Docs. This service is used by hackers to scam, steal information and even trick users into installing malware.
Since Google Docs is so popular, victims will not be suspicious or alert when they see a Google Docs link in an email sent from a colleague. Besides, Google Docs is also not blocked by any email security filters. For example, you can see the fake pay stub download page in the photo below.
Google Docs is also used in BazarLoader malware distribution campaigns as the middleware. Malware links are disguised as invoices, COVID-19 translation-related information and other documents.
In addition to Google services, hackers also take advantage of free services from other companies including Dropbox, Canva and Azure.
To protect yourself, security experts recommend two-factor authentication and password management apps. You should double-check for suspicious emails and always scan the links for viruses before clicking them.
You should read it
- The way Google Docs helps you become professional
- How to create a free website with Google Sites
- Useful tools to know in Google Docs
- How to stretch line spacing in Google Docs
- The top free tools for SEO people from Google
- Instructions for dividing and merging columns on Google Docs
- How many of the best features have you missed on Google Docs?
- 10 useful tools of Google
- Back up data of Google applications
- 14 great features on Google you may not know yet
- 11 products of Google are little known
- Google Workspace is now free for users with a Google account
Maybe you are interested
How to Use Google Slides to Create a Diagram
How to stop Google Docs and Sheets from eating up RAM
Why use Waze instead of Google Maps?
How to stay safe from the scary Google Maps scam that's going viral
5 Ways to Use Google Maps Without Planning a Route
How to Share Your Exact Location with Google Plus Codes