- Hackers are hosting fake invoices on Google Apps script, experts warn
- The invoices are sent via E -Mail
- Victims redirected to a fake Microsoft 365 -Login -side
Threat actors have been viewed abuse by Google Apps script to launch compelling phishing -attack and steal People’s Microsoft 365 logging information.
CyberSecurity -Scientists Cofense recently discovered such a campaign in which Google Apps script used to host a fake invoice.
First, Crooks prepared the usual fake invoice -phishing -e -mail. The e -mail would carry a link to the invoice that, when hovering (or clicking), would point to the script[.]Google[.]com. In this way, the criminals would create a false sense of legitimacy with the victims who might think the invoice actually came from Google or a Google-affected service.
M365 credentials
Click the link opens a small destination page indicating “You have a pending download available” and a “Preview” button. #
The button leads to the actual malicious side that mimics the Microsoft 365 -Login side, almost to the last detail. Those who do not see the trick and try to log in end up passing their login credentials directly to the striker.
To better hide their tracks, the Crooks page created, so it redirects back to actual Microsoft 365 site as soon as the login -credentials are delivered.
Google Apps script is a cloud-based scripting platform that gives users automated tasks and expands Google Workspace apps such as Gmail, Docs, Sheets and Drive using JavaScript.
For example, a teacher could have a Google Sheet file with student qualities, and by using Google Apps script they would be able to send personalized E emails automatically and save hours of manual work.
“Phishing -e emails like these are a good example of how attackers take advantage of legitimate domains to make their fraud look more convincing,” Cofense’s researchers warned. “It is important to remain vigilant and educate employees about the risk of phishing -attack.”
