1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • These next-level phishing scams use PayPal or Google Docs to stea

    From TechnologyDaily@1337:1/100 to All on Fri Mar 24 16:15:03 2023
    These next-level phishing scams use PayPal or Google Docs to steal your data

    Date:
    Fri, 24 Mar 2023 16:09:20 +0000

    Description:
    What if your next phishing attack came straight from Google? Would you click that link? Hackers are betting on it.

    FULL STORY ======================================================================

    Unidentified threat actors are leveraging legitimate services such as PayPal or Google Workspace to send out phishing emails and bypass virtually all
    email security solutions available today.

    A report from cybersecurity researchers Avanan has detailed how hackers managed to force these services to send out phishing email on their behalf, thus tricking email security solutions.

    For criminals, the problem with phishing emails is that the domains from
    which theyre sent, the emails subject lines, as well as the content, all get scanned by email security products and often dont make it into the victims inbox. However, when that email comes from Google, the security product has
    no other choice but to let it through. Fake invoices

    Now, if a threat actor creates a malicious Google Docs file with a link to a phishing site, and simply tags the victim in it, Google will send out the notification without raising any alarms. That document can be anything, from
    a fake invoice, to a fake notification of a service being renewed. Usually, the common denominator for all these emails is that something needs to be addressed urgently, otherwise the victim will lose money.

    The same thing is with PayPal. An attacker can generate a fake invoice with a link to the phishing website in the invoices description, and just mail it
    via PayPal to the victim. Read more

    What is phishing and how dangerous is it?


    Everything you need to know about phishing


    Here's our list of the best endpoint protection services around

    Besides these two companies, threat actors have also been impersonating SharePoint, FedEx, Intuit, iCloud, and others, the researchers claim.

    Most of the time, hackers engaged in phishing are looking for credentials to sensitive systems which they can later use to distribute more dangerous malware (for example, to run a ransomware operation). In other cases, theyd
    go after payment information, either to sell it on the black market, or to
    use it to fund illegal activities (such as DDoS-as-a-service, for example). Check out the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-next-level-phishing-scams-use-paypal-or-g oogle-docs-to-steal-your-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)