Site icon TheDailyCheck.net

These next-level phishing scams use PayPal or Google Docs to steal your data

Unidentified threat actors are leveraging legitimate services such as PayPal or Google Workspace to send out phishing emails and bypass virtually all email security solutions available today. 

A report from cybersecurity researchers Avanan has detailed how hackers managed to force these services to send out phishing email on their behalf, thus tricking email security solutions.

For criminals, the problem with phishing emails is that the domains from which they’re sent, the email’s subject lines, as well as the content, all get scanned by email security products and often don’t make it into the victim’s inbox. However, when that email comes from Google, the security product has no other choice but to let it through. 

Fake invoices

Now, if a threat actor creates a malicious Google Docs file with a link to a phishing site, and simply tags the victim in it, Google will send out the notification without raising any alarms. That document can be anything, from a fake invoice, to a fake notification of a service being renewed. Usually, the common denominator for all these emails is that something needs to be addressed urgently, otherwise the victim will lose money.

The same thing is with PayPal. An attacker can generate a fake invoice with a link to the phishing website in the invoice’s description, and just mail it via PayPal to the victim. 

Besides these two companies, threat actors have also been impersonating (opens in new tab) SharePoint, FedEx, Intuit, iCloud, and others, the researchers claim.

Most of the time, hackers engaged in phishing are looking for credentials to sensitive systems which they can later use to distribute more dangerous malware (for example, to run a ransomware operation). In other cases, they’d go after payment information, either to sell it on the black market, or to use it to fund illegal activities (such as DDoS-as-a-service, for example).

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@thedailycheck.net The content will be deleted within 24 hours.
Exit mobile version