Site icon News Update

Google: Hackers using Google Collection for phishing attacks: Report – Times of India

Google Collection is a tool that allows users to save links, images and videos and share them with others. According to a report by Checkpoint, hackers are using this tool to spread phishing. By leveraging the legitimacy of Google, hackers are reportedly hiding malicious links within legitimate sites. Hackers are using this BEC3.0 attack to trick users into giving up sensitive information.In this report,Harmony Email researchers have discussed how hackers are using Google Collection to share phishing links. The report claims that hackers are utilising Google pages to send links to fake cryptocurrency sites. As per the report, hackers are using email to harvest user credentials and are targeting end users with social engineering and BEC 3.0 techniques. The report also notes that Google has been informed about this research on July 5.

How hackers are using email to spread phishing attacks
The report notes that the first email received by the victims arrives in typical fashion, via a notification directly from Google. This is because the hacker shared the collection with the end user. The email comes from a no-reply@google.com address. That address is legitimate and can be recognised by hackers and end-users alike. Users may also tend to click on the link as hovering over the URL will show a legitimate Googe link. Moreover, the emails are also redirecting users to a legitimate Google page.

Google Collections work with several different card-like figures. Users can also link to images, webpages, etc within that collection. However, clicking on the card is showing a suspicious link and message. The hackers want their victims to enter this link which looks like a Google form. Clicking this will redirect users to a fake cryptocurrency site, which will eventually steal money.

How to identify such an email
As shown in the images above, the bottom of the Google page tells an important distinction: “This content is neither created nor endorsed by Google.” Like many other sites, Google also allows users to put any content on their page and hackers are abusing this privilege by placing illegitimate, malicious sites.

The report also notes that hackers are nesting the malicious links to ensure that their payloads get to their target. For this, attackers are hiding these links in the third part. Seeing the Google links user may start trusting the links and hackers are leveraging this common confidence among users.

function loadGtagEvents(isGoogleCampaignActive) { if (!isGoogleCampaignActive) { return; } var id = document.getElementById('toi-plus-google-campaign'); if (id) { return; } (function(f, b, e, v, n, t, s) { t = b.createElement(e); t.async = !0; t.defer = !0; t.src = v; t.id = 'toi-plus-google-campaign'; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s); })(f, b, e, 'https://www.googletagmanager.com/gtag/js?id=AW-877820074', n, t, s); };

window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@newsupdate.uk. The content will be deleted within 24 hours.
Exit mobile version