Unidentified cybercriminals use legitimate services like PayPal or Google Workspace to send phishing emails and evade virtually all email security solutions available today.
A report by cybersecurity researchers at Avanan details how hackers managed to get these services to send phishing emails on their behalf, thus tricking email security solutions.
For criminals, the problem with phishing emails is that email security products scan the sending domain, subject line, and content, so the messages often never reach the victim’s inbox. However, when the email comes from Google, the security product has no choice but to let it through.
False invoices
Now, if a cybercriminal creates a malicious Google Docs file with a link to a phishing site and simply tags the victim in it, Google will send a notification without raising any alerts. This document can be anything from a fake invoice to a fake service renewal notification. Typically, the common denominator of all these emails is that something needs to be done urgently, otherwise the victim will lose money.
It’s the same with PayPal. The attacker can generate a fake invoice with a link to the phishing page in the invoice description and simply mail it via PayPal to the victim.
In addition to these two companies, the researchers say cybercriminals are also impersonating SharePoint, FedEx, Intuit, iCloud and others.
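Because the notification really is sent by the service, sender reputation says nothing about the links inside it. As an added example (not from the Avanan report), the check below flags authenticated notifications from a listed service whose body links leave that service's own domains. The allowlist, the sample message, and the function names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains each service links to in its own notifications.
# Constructed for illustration, not an exhaustive list.
SERVICE_LINK_DOMAINS = {"google.com": {"google.com"}, "paypal.com": {"paypal.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def registrable(host):
    # Naive "last two labels" reduction; use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def link_host(url):
    try:
        return urlsplit(url).hostname or ""
    except ValueError:  # malformed URL: the empty host is treated as foreign
        return ""

def foreign_links(raw_message):
    """Return URLs in an authenticated service notification that leave that service."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Assumption: Authentication-Results was stamped by the receiving gateway,
    # so dmarc=pass means the mail really came from the service.
    if "dmarc=pass" not in str(msg.get("Authentication-Results", "")).lower():
        return []
    sender = parseaddr(str(msg.get("From", "")))[1]
    allowed = SERVICE_LINK_DOMAINS.get(registrable(sender.rpartition("@")[2]))
    if allowed is None:
        return []  # not a notification from a listed service
    text = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    urls = {u.rstrip(".,)") for u in URL_RE.findall(text)}
    return sorted(u for u in urls if registrable(link_host(u)) not in allowed)

# Constructed sample: a document-mention notification with an off-service link.
SAMPLE = """\
From: Google Docs <comments-noreply@docs.google.com>
To: user@example.org
Subject: Invoice overdue - you were mentioned in a comment
Authentication-Results: mx.example.org; dmarc=pass header.from=google.com
Content-Type: text/plain; charset=utf-8

Your renewal failed. Pay now: https://billing-update.example.net/login
Open the document: https://docs.google.com/document/d/PLACEHOLDER/edit
"""

if __name__ == "__main__":
    print(foreign_links(SAMPLE))
```

A hit is a signal for quarantine or a warning banner rather than proof of phishing, since legitimate shared documents also link to outside sites.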
In most cases, hackers involved in phishing are after credentials to vulnerable systems, which they can later use to distribute more dangerous malware (for example, to carry out ransomware operations). In other cases, they seek payment information to sell on the black market or to use to finance illegal activities (such as DDoS-as-a-service).