Malicious Actors Are Using These Free Google Services in Their Phishing Campaigns

The various free software and services that Google provides are great for people that need to get things done but don’t have the resources that are often required for heavy duty software and the like. That said, while these free services are definitely something that help to make the internet a lot more user friendly and aid all kinds of people in completing tasks and activities, there is a downside to these services being free for anybody to use and this downside is that malicious actors can easily use them to make their phishing campaigns seem a lot more legitimate than might have been the case otherwise.

According to Armorblox's finding, a common Google tool that is used in such exploits is Google Forms. It can be used to create forms that look quite legitimate, and malicious actors are adding the names of well known companies to their own forms to make it so that people would be less likely to hesitate before entering their personal details into these forms. This is similar to how Google Firebase is used as well. It can be used to create landing pages that are reminiscent of actual sites that you might be familiar with, thereby making you let your guard down and assume that everything that is happening here is entirely above board.

Another tool by Google that is often used by malicious actors is Google Sites. It can be used to create very real looking sites which might be simple but they would still have a lot in terms of dynamic content and interactivity. Once again, this site would be used to make it so that users would enter their personal details in the forms that are present on the page, thereby allowing the malicious actors to gain access to this information and subsequently access to the accounts said users might hold.

Perhaps the tool most commonly used in phishing attacks is Google Docs. This is particularly concerning because of the fact that Google Docs is not screened as heavily as other files since it is sent around on such a regular basis, thereby making it the perfect tool for malicious actors to end up using. While some might say that this sort of thing is inevitable with free services, others might argue that more need to be done to protect users and make it so that these tools can’t be used in phishing attacks.



Read next: Android Video Editing App With Over 100 Million Downloads is Stealing Money From Users
Previous Post Next Post