Google: Hackers using Google Collection for phishing attacks: Report – Times of India

Google Collection is a tool that allows users to save links, images and videos and share them with others. According to a report by Checkpoint, hackers are using this tool to spread phishing. By leveraging the legitimacy of Google, hackers are reportedly hiding malicious links within legitimate sites. Hackers are using this BEC3.0 attack to trick users into giving up sensitive information.In this report,Harmony Email researchers have discussed how hackers are using Google Collection to share phishing links. The report claims that hackers are utilising Google pages to send links to fake cryptocurrency sites. As per the report, hackers are using email to harvest user credentials and are targeting end users with social engineering and BEC 3.0 techniques. The report also notes that Google has been informed about this research on July 5.

How hackers are using email to spread phishing attacks
The report notes that the first email received by the victims arrives in typical fashion, via a notification directly from Google. This is because the hacker shared the collection with the end user. The email comes from a [email protected] address. That address is legitimate and can be recognised by hackers and end-users alike. Users may also tend to click on the link as hovering over the URL will show a legitimate Googe link. Moreover, the emails are also redirecting users to a legitimate Google page.

Google Collections work with several different card-like figures. Users can also link to images, webpages, etc within that collection. However, clicking on the card is showing a suspicious link and message. The hackers want their victims to enter this link which looks like a Google form. Clicking this will redirect users to a fake cryptocurrency site, which will eventually steal money.

How to identify such an email
As shown in the images above, the bottom of the Google page tells an important distinction: “This content is neither created nor endorsed by Google.” Like many other sites, Google also allows users to put any content on their page and hackers are abusing this privilege by placing illegitimate, malicious sites.

The report also notes that hackers are nesting the malicious links to ensure that their payloads get to their target. For this, attackers are hiding these links in the third part. Seeing the Google links user may start trusting the links and hackers are leveraging this common confidence among users.