A spike in recent phishing attacks can be traced back to criminals learning how to exploit Google Services.
Social distancing has meant entire businesses are relying on the Google ecosystem to provide a reliable way to digitise the traditional office. Recently a report has been published detailing how services like Google Forms, Google Docs, and others are being used by malicious actors to give their spoofing attempts a false sense of legitimacy. This is a tactic that attackers are using and is starting to trend in the cyber–crime world.
At the beginning of November, researchers found 265 Google Forms impersonating telecom brands, banking companies , and even government agencies that were being used in phishing attacks. The forms were removed by Google after researchers reported them. Scammers were also found to be using a legitimate Google Drive collaboration tool to trick victims into clicking on malicious links. Even Google Calendar has been abused in the past, in a sophisticated cyberattack that targeted mobile Gmail users through fraudulent, unsolicited meeting notifications in Q1 of 2020. For its part, Google stresses the company is taking every measure to keep malicious actors off their platforms.
Phishing emails are one of the biggest threats to companies with over 3.4 billion potential phishing emails being sent every day with a success rate of 55% globally over a 12-month period. And with phishing emails growing in complexity every day it is becoming more and more important to be educated on what to look out for when dealing with email security, as even dedicated filters can miss some of the sophisticated templates.
You can help yourself by looking out for tell-tale signs of a phishing email, such as:
-
Always check the email address that sent the email, not just the sender’s name.
-
Never click links in emails unless you are certain the email is legitimate.
-
If the email appears to be ‘too good to be true’ it most likely is.
To find out how Cyber Wise can help your business resilience, click here.