Cybernews reports that over the past two weeks nearly 3,200 Check Point customers have been targeted with 9,394 phishing emails that carry an official Google domain and were crafted by exploiting a Google Cloud automation tool.
Threat actors have abused the Send Email task in Google Cloud's Application Integration to deliver bogus no-reply emails purporting to be Google notifications about voicemail messages and file access, according to Check Point Harmony Email Security researchers. The emails include links that redirect to another website on the googleusercontent[.]com domain. That website presents a CAPTCHA verification before redirecting to a fake Microsoft login page that seeks to exfiltrate user credentials.
"This campaign highlights how attackers can misuse legitimate cloud automation and workflow features to distribute phishing at scale without traditional spoofing," said Check Point.
While Check Point has already implemented additional safeguards against the attack, users have been urged to stay vigilant against brand impersonation.




