Harmony Email researchers recently spotted a worrying phishing campaign that spoofs Google Apps Script macros – a tool used to automate tasks in Google apps.
Google Apps Script macros are popular due to their ability to automate workflows and integrate with various Google services, making them prime targets for cybercriminals.
The campaign in brief:
The campaign includes approximately 360 emails written in multiple languages, including English, Russian, Chinese, Arabic, Italian, German and French. These messages falsely claim to provide account details for a user registration that the recipient never made.
The campaign remains ongoing.
If employees fall victim to this email fraud, the risks to organizations include, but are not limited to, exposure of sensitive data, fraudulent transfer of funds, and operational disruption.
How does it work:
The phishing emails have a link in the subject field that points to a Google Apps Script page. On the page, users will find a deceptive URL that includes script.google.com.
The URL claims to be a "secure and reliable" payment service. Because it looks legitimate, users are likely to be tricked and may reveal sensitive information.
Example Email:
Original phishing email. Image courtesy of Harmony Email researchers
Example of the "activate account" link. Image courtesy of Harmony Email researchers
Detection Indicators:
To detect these types of threats, look for emails with subject fields that claim to provide "account information" for an unrecognized registration. URLs that include "script.google.com" but direct users to pages that ask for sensitive data are also red flags.
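One way to turn the two indicators above into a mail-triage check, as an added example that is not Check Point's or Harmony Email's code. The lure keywords, the sample messages and the function names are assumptions constructed for illustration; the host is compared after URL parsing so that a look-alike such as script.google.com.example.net does not match.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumed English-only lure terms; extend for the other campaign languages.
LURE_RE = re.compile(r"\b(account|registration)\b", re.IGNORECASE)

def apps_script_urls(text):
    """Return URLs whose parsed hostname is exactly script.google.com."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host == APPS_SCRIPT_HOST:
            hits.append(url)
    return hits

def triage(raw_message):
    """Return the indicators present in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 words
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    reasons = []
    if apps_script_urls(subject):
        reasons.append("apps-script-link-in-subject")
    if LURE_RE.search(subject):
        reasons.append("account-lure-in-subject")
    if apps_script_urls(body):
        reasons.append("apps-script-link-in-body")
    return reasons

# Constructed samples (not taken from the campaign).
SUSPECT = (
    "From: noreply@example.org\n"
    "Subject: =?utf-8?q?Your_account_details_https=3A//script.google.com/macros/s/EXAMPLE/exec?=\n"
    "\n"
    "Activate your account.\n"
)
LOOKALIKE = (
    "From: noreply@example.org\n"
    "Subject: Weekly report https://script.google.com.example.net/x\n"
    "\n"
    "See attached.\n"
)
```

Legitimate Apps Script links are served from the same host, so a non-empty result is a reason to review the message, not proof of phishing.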
Mitigation strategies:
- Apply advanced email filtering. These are sophisticated cyber security tools that use algorithms and machine learning to detect and filter phishing emails
- Leverage real-time URL scanning tools, which can detect and block links that direct users to malicious pages
- Use tools that apply AI-powered Natural Language Processing (NLP) to analyze the context and intent of email content
- Get tools with embedded, AI-powered threat intelligence. This allows organizations to implement the most robust mitigation measures available at any given time
- Implement phishing awareness training to increase employee knowledge of identifying suspicious emails and clarify internal reporting best practices
More information on the website:
Upon observing this attack, our cybersecurity researchers responded quickly, ensuring that Check Point customers are protected against it.
Check Point customers remain protected from such attacks.
For more information on preventing advanced, evasive and sophisticated cyber threats, please click here