New phishing method attacks: iCloud, PayPal, Google Docs

Check Point Software's Avanan is reporting a new development in phishing attacks that appears to use everyday services such as iCloud, PayPal, Google Docs and FedEx to reach users' inboxes and launch attacks. The method is called "Phishing Scams 3.0" and does not require writing any code, only a free account to carry out the attack.

  • 33,817 email attacks were observed in the last two months

  • iCloud is the most impersonated service

  • Other affected services: PayPal, Google Docs, SharePoint, FedEx, Intuit and others

How does it work:

1. The hacker creates a free account (for example) on PayPal

2. The hacker finds email addresses to send to.

3. The hacker creates a fake invoice that either concerns a user charge or a renewal process

4. The hacker clicks send. 

In Numbers

In the last two months, February and March, researchers have seen a total of 33,817 email attacks, all impersonating legitimate, popular companies and services.

Comment from Jeremy Fuchs, press representative of Avanan, a Check Point Software company:

"Scams using the intermediary method, Business Email Compromise (BEC), have evolved again. A traditional BEC attack relies on the ability to look like someone with authority within a company or a trusted external partner. Attacks then shifted to a method where an attacker compromises an account belonging to an organization or one of its partner organizations and uses it to enter legitimate email threads, responding as if they were an employee. Now, we're seeing something completely new, where attackers are using actual legitimate services to execute their attack. In such scams, the victim receives an email from a completely legitimate service (e.g. PayPal, Google Docs), which includes a link to a malicious website. In the last two months of February and March, our researchers have seen a total of 33,817 email attacks, all impersonating legitimate, popular companies and services. We call this new style of cyber attack 'Phishing Scams 3.0' or BEC Firm Impersonation. It is important to note that there is nothing malicious about these popular sites, nor is there any vulnerability. Instead, hackers use the legitimacy of these services to get into the inbox. I strongly encourage users to implement two-factor authentication and use email filters to protect against this style of attack."

Cyber Security Tips:

1. Use anti-phishing protection

2. Education and training of employees

3. Segregate tasks

4. Check every external email

Examples:

In the following example the hacker has added a comment to a Google Sheet. All he has to do is create a free Google account. Then he can create a Google Sheet and mention the intended target in a comment. The recipient receives an email notification.

For the end user, this is a pretty standard email, especially if they are using Google Workspace. (And even if they aren't, it's standard, since many organizations use Google Workspace and Microsoft 365.)

Here's another example, this time using Google Docs.

This comes from a legitimate sender: Google. The URL, which is a script.google.com URL, also looks legitimate on a first scan, because the domain itself is legitimate.

However, when you click on it, it redirects to a fake crypto site. These fake cryptocurrency websites work in several ways. They can be simple phishing sites where credentials are stolen, or they can pursue a variety of other goals, from outright theft to crypto mining.

Example: PayPal impersonation

Example: SharePoint impersonation

Phishing link hosted on SharePoint

In all recorded examples, the address from which the email was sent appeared perfectly legitimate and contained the "correct" addresses, making detection and identification much more difficult for the average recipient.
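Because these messages come from the real service and pass sender authentication, a filter has to judge what is in the body instead. The sketch below is an added example, not code from Avanan or Check Point: it triages authenticated notifications from the named services by link target and lure wording. The domain sets, lure words, the `dkim=pass` check and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists: sender domains of services named in the article, and hosts on
# them that serve user-created content (script.google.com is from the article).
SERVICE_DOMAINS = {"google.com", "paypal.com", "icloud.com"}
USER_CONTENT_HOSTS = {"script.google.com"}
LURE = re.compile(r"\b(invoice|renewal|charged?|payment|wallet|crypto)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+")

def registrable(host):
    # Naive last-two-labels heuristic; use a public suffix list in production.
    return ".".join(host.lower().split(".")[-2:])

def body_text(msg):
    # Collect every text part, decoding base64 / quoted-printable bodies.
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw):
    msg = message_from_string(raw)
    sender = registrable(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # Only trust an Authentication-Results header stamped by your own MTA.
    dkim_ok = "dkim=pass" in msg.get("Authentication-Results", "").lower()
    if not (dkim_ok and sender in SERVICE_DOMAINS):
        return {"verdict": "not-applicable", "findings": []}  # left to other filters
    text = body_text(msg)
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    findings = []
    if hosts & USER_CONTENT_HOSTS:
        findings.append("user-content-link")
    if any(registrable(h) != sender for h in hosts):
        findings.append("off-domain-link")
    if LURE.search(text):
        findings.append("lure-language")
    return {"verdict": "review" if findings else "deliver", "findings": findings}

# Constructed sample messages (not real captures).
HEAD = ("From: Docs <comments-noreply@docs.google.com>\n"
        "Authentication-Results: mx.example.test; dkim=pass header.d=google.com\n\n")
SUSPECT = HEAD + "Claim your crypto payment: https://script.google.com/macros/s/EXAMPLE/exec\n"
BENIGN = HEAD + "Alice mentioned you: https://docs.google.com/spreadsheets/d/EXAMPLE/edit\n"

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

Messages that land in `review` are candidates for a banner or quarantine, not an automatic block, since legitimate notifications from the same services can share these traits.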

Written by newsbot