Beware, hackers are testing their new phishing method on iCloud, PayPal or Google Docs


Alexander Boero

March 23, 2023 at 4:15 p.m.


For several weeks, a new phishing method, called “Phishing Scams 3.0”, has been used to carry out attacks on common services, by infiltrating the mailboxes of Internet users.

Hackers and other cyber attackers are constantly reinventing themselves as technologies evolve and awareness of cyber risk increases. Avanan, a subsidiary of cybersecurity specialist Check Point, learned this when it discovered an evolution in phishing attacks, which now rely on popular services and companies to infiltrate Internet users’ inboxes with legitimate addresses.

Google Docs, PayPal, iCloud… well-known services used by hackers

More specifically, this new method, called “Phishing Scams 3.0”, consists of hackers using legitimate services to launch their attacks. The target receives an email from a legitimate service, such as Google Docs or PayPal, containing a link that redirects the victim to a malicious site.

Besides PayPal and Google Docs, several other services have been identified. Hackers also pretend to be iCloud, FedEx, SharePoint, RingCentral or Intuit, to name a few. The process works in 4 major steps.

  1. First, the hacker creates a free account on the service he wants to use
  2. Then he finds email addresses to send messages to
  3. The cybercriminal creates a fake invoice stating that the targeted user has been charged, or that a subscription is about to be renewed
  4. Finally, the hacker clicks “send”

Attacks using perfectly legitimate email addresses

What you have to understand is that, each time, the email address from which the malicious email is sent is perfectly legitimate. The message carries the service's real address, which allows the attacker to bypass detection and identification, and complicates matters for a stressed or unaware user, who is then more likely to click and follow the process through to the end.

The researchers uncovered an email in which the hacker had added a comment in Google Sheets. After creating a free Google account, he created a sheet mentioning the intended target, who then receives a legitimate notification by email. That is where the process begins. The same example exists with Google Docs.


Trap set via Google Sheets, with another legitimate address © CheckPoint (pardon us for the quality of the picture)

The trap is rather difficult to spot: at first analysis, the URL is legitimate. Fortunately, the attack does not hold up all the way to the end. When you click on the link, you are redirected to a fake cryptocurrency site, which aims, for example, to steal credentials.
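The detection problem described above, as an added example that is not from the article or from Check Point: because the sending service authenticates its own mail, the check looks at the user-supplied text inside the notification rather than at the sender. The sender domains, the keyword list, the known-collaborator set and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: notification sender domains of collaboration services; adjust to
# the domains seen in your own mail flow.
COLLAB_DOMAINS = {"docs.google.com", "sharepointonline.com"}
# Wording from the fake-invoice step: a charge, or a subscription renewal.
LURE = re.compile(r"\b(invoice|charged|subscription|renew(?:ed|al)?)\b", re.I)
ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def triage(raw, known_collaborators):
    """Score one notification on its user-supplied text, not on its sender."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    reasons = []
    if domain in COLLAB_DOMAINS:
        if LURE.search(body):  # billing text is out of place in a comment alert
            reasons.append("billing-language-in-collab-notification")
        actors = {a.lower() for a in ADDR.findall(body)}
        if actors and not actors & known_collaborators:
            reasons.append("unknown-actor")
    return {
        # The sending service signs the mail itself, so this is expected to pass.
        "sender_authenticated": "dkim=pass" in msg.get("Authentication-Results", ""),
        "reasons": reasons,
        "suspicious": len(reasons) == 2,
    }

# Constructed sample data (not taken from the Check Point report).
KNOWN = {"alice@example.org"}
LURE_MAIL = """\
From: "Mallory (Google Sheets)" <comments-noreply@docs.google.com>
Authentication-Results: mx.example.org; dkim=pass header.d=docs.google.com

mallory@example.net mentioned you in a comment:
Your subscription is about to be renewed and you have been charged 499.99 USD.
"""
BENIGN_MAIL = """\
From: "Alice (Google Sheets)" <comments-noreply@docs.google.com>
Authentication-Results: mx.example.org; dkim=pass header.d=docs.google.com

alice@example.org mentioned you in a comment:
Can you review the Q2 planning tab before Friday?
"""
```

Both samples pass sender authentication, so only the content signals separate the lure from the ordinary comment notification.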

Example of PayPal impersonation © CheckPoint (sorry for the quality of the picture)

Over the past two months, Check Point has intercepted no fewer than 33,817 such email attacks. They almost systematically concern PayPal, Google Docs and, to a lesser extent, SharePoint and FedEx services.


