Threat Management, Threat Intelligence, Cloud Security, Ransomware, Phishing

Official Google domain exploited in sweeping phishing campaign

Cybernews reports that nearly 3,200 Check Point customers have been targeted over the past two weeks with 9,394 phishing emails bearing the official Google domain, crafted through exploitation of a Google Cloud automation tool.

Abuse of Google Cloud's Application Integration Send Email task has allowed threat actors to deliver bogus no-reply emails purporting to be Google notifications about voicemail messages and file access, according to Check Point Harmony Email Security researchers. The emails include links that redirect to another website on the googleusercontent[.]com domain. That website uses CAPTCHA verification before redirecting to a fake Microsoft login page that seeks to exfiltrate user credentials.

"This campaign highlights how attackers can misuse legitimate cloud automation and workflow features to distribute phishing at scale without traditional spoofing," said Check Point.

While Check Point has already implemented additional safeguards against the attack, users have been urged to remain vigilant against brand impersonation.
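
A triage heuristic for the pattern described above, as an added example that is not from Check Point, Cybernews or SC Media. Because the messages come from a genuine Google domain, sender authentication is expected to pass, so the check keys on a Google sender combined with a googleusercontent[.]com link and a voicemail or file-access lure. The sample messages, addresses, URLs and keyword list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample messages; sender addresses, hosts and paths are placeholders.
SAMPLES = {
    "lure": (
        "From: Google <no-reply@google.com>\n"
        "Authentication-Results: mx.example.test; spf=pass; dkim=pass; dmarc=pass\n"
        "Subject: You have a new voicemail message\n\n"
        "Listen: https://placeholder.googleusercontent.com/placeholder/index.html\n"
    ),
    "routine": (
        "From: Google <no-reply@accounts.google.com>\n"
        "Authentication-Results: mx.example.test; spf=pass; dkim=pass; dmarc=pass\n"
        "Subject: Security alert\n\n"
        "Review activity: https://myaccount.google.com/notifications\n"
    ),
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURE_RE = re.compile(r"voicemail|file access", re.I)  # assumed keyword list

def in_domain(name, domain):
    """True only for the domain itself or a real subdomain, not a lookalike."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = msg.get_payload()  # samples are single-part text
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(body)]
    result = {
        "google_sender": in_domain(sender_domain, "google.com"),
        # Recorded to show it does not separate the lure from routine mail.
        "auth_pass": "dmarc=pass" in msg.get("Authentication-Results", "").lower(),
        "usercontent_link": any(in_domain(h, "googleusercontent.com") for h in hosts),
        "lure": bool(LURE_RE.search(f"{msg.get('Subject', '')}\n{body}")),
    }
    result["flag"] = (result["google_sender"] and result["usercontent_link"]
                      and result["lure"])
    return result

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A flag here is a reason to route the message for review, not a verdict, since the rule depends on a keyword list and on where the link points.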
