Phishing attacks hidden in Google Cloud Services
Cybercriminals are concealing phishing efforts behind legitimate resources like google cloud services.
Cybersecurity researchers have warned of a phishing campaign that uses Google Cloud Services and offers legitimate PDF whitepapers to victims that give away their login credentials.
According to the researchers, it all starts with a PDF document uploaded to Google Drive which contains a link to a phishing page. The landing page, hosted on storage.google requires the user to log in with their Office 365 or organization email.
As the victim gives away their login credentials, they are redirected to a genuine PDF report published by a “renowned global consulting firm.”
Researchers claim that the user never becomes suspicious as the phishing page is hosted on Google Cloud Storage.
“Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify a phishing attack,” said Lotem Finkelsteen, Manager of Threat Intelligence at Check Point.
Cybercrimes are skyrocketing. Users of Google Cloud Platform should all beware of this fast-growing trend and learn how to protect themselves. One should think twice about the files they receive from senders.