Phishing Campaign Uses Google Drive to Bypass Email Gateways
upstart writes:
Submitted via IRC for SoyCow7671
Phishing Campaign Uses Google Drive to Bypass Email Gateways
A highly targeted phishing campaign was recently observed while bypassing a Microsoft email gateway using documents shared via the Google Drive service to target the staff of a company from the energy industry.
Google Drive is a file storage and synchronization service created by Google that enables its users to store files in the cloud and effortlessly synchronize them between devices and platforms. The documents used to link to the phishing landing page were delivered using Google Docs, Google's online word processor.
The phishing messages spotted by Cofense security researchers impersonated the CEO of the company and tried tricking the employees to open an "important message" shared via Google Docs, Google's online word processor.
"The email is legitimately sent by Google Drive to employees and appears to be shared on behalf of the CEO by an email address that does not fit the email naming convention of the targeted company," found Cofense.
This made it possible for the attackers to take advantage of Google's legitimate service to circumvent the phishing detection protection provided to the company by the Microsoft Exchange Online Protection cloud-based email filtering service.
In reality, the document linked to a Google Docs document which, in turn, redirected the potential victims to the attackers' phishing landing pages that would request them to enter their credentials to access the CEO's urgent message.
"The link within the email body is also hard to defend against because it links to an actual Google Drive share," also found the Cofense researchers.
Read more of this story at SoylentNews.