
Office 365 Phishing Scam Leverages Google Cloud Services

2020-07-21 by Keith Harlock


Credential Phishing campaign uses Google Cloud Services to steal Office 365 logins

Threat actors are using cloud services to phish Microsoft Office 365 passwords. Google Drive was used to host a malicious PDF document, while Google’s “storage.googleapis[.]com” hosted the credential phishing page.

This credential phishing scam uses a malicious PDF document that has been uploaded to Google Drive. The PDF file prompts the reader to click on a link to gain access to the document. The “Access Document” link sends the victim to a phishing page hosted in Google Cloud Platform (httpx://storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html). After the page loads, it prompts the reader to log in using one of two options.

SharePoint Sign In (Image credit: Check Point)

The victim is prompted to choose either “Sign in with Office 365” or “Sign in with organization ID”. Regardless of which option is chosen, a window pops up and prompts the reader for their Microsoft Outlook username and password. Cyber security researchers at Check Point described this tactic in a report.


After the credentials are entered, the victim’s information is sent to the threat actors and their MS Office account is compromised. However, to again reduce suspicion, the reader is redirected to a legitimate PDF report published by a consulting firm.

Phishing page on Google Cloud (Image credit: Check Point)

“During all of these stages, the user never gets suspicious since the phishing page is hosted on Google Cloud Storage. However, viewing the phishing page’s source code has revealed that most of the resources are loaded from a website that belongs to the attackers, prvtsmtp[.]com” says the report.

Threat actors leverage well-known cloud services to increase the success of their scams. Although this phishing campaign uses Google Cloud to host a malicious document, any cloud service could have been used. The goal is to bypass spam email and malware filters and instill trust in the reader. Cloud-based file storage sites like iCloud, Microsoft Azure, and Dropbox can all be used by threat actors in this type of cyber attack.
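The report's observation that the page sits on trusted cloud storage while most of its resources load from another site can be turned into a triage check. The following is an added example, not code from Check Point or this article: the host lists, the 50% threshold and the sample markup are assumptions, and only the page URL and the domain prvtsmtp[.]com come from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed, non-exhaustive: shared hosting where any tenant can publish a page.
SHARED_STORAGE_HOSTS = {"storage.googleapis.com"}
# Assumed allowlist of hosts a genuine Microsoft sign-in page loads from.
BRAND_DOMAINS = ("microsoft.com", "microsoftonline.com", "msauth.net")

def refang(text):
    """Convert defanged indicators (httpx://, [.]) into parseable form."""
    return text.replace("httpx://", "https://").replace("[.]", ".")

def is_brand(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

class ResourceCollector(HTMLParser):
    """Collects resource URLs and notes whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.urls, self.has_password_field = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True
        if tag in ("script", "link", "img", "iframe", "form"):
            self.urls += [a[k] for k in ("src", "href", "action") if a.get(k)]

def assess(page_url, html):
    """Flag a login form on shared storage whose resources mostly load elsewhere."""
    page_url = refang(page_url)
    page_host = urlparse(page_url).hostname
    c = ResourceCollector()
    c.feed(refang(html))
    hosts = [urlparse(urljoin(page_url, u)).hostname for u in c.urls]
    foreign = [h for h in hosts if h and h != page_host and not is_brand(h)]
    ratio = len(foreign) / len(hosts) if hosts else 0.0
    suspicious = (page_host in SHARED_STORAGE_HOSTS
                  and c.has_password_field and ratio > 0.5)
    return {"suspicious": suspicious, "foreign_hosts": sorted(set(foreign)),
            "foreign_ratio": ratio}

# Constructed sample: page URL and attacker domain are from the article,
# the markup and resource paths are invented for illustration.
SAMPLE_URL = "httpx://storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html"
SAMPLE_HTML = """<link rel="stylesheet" href="httpx://prvtsmtp[.]com/style.css">
<script src="httpx://prvtsmtp[.]com/app.js"></script>
<img src="httpx://prvtsmtp[.]com/logo.png"><img src="banner.png">
<form><input type="email"><input type="password"></form>"""
```

Calling `assess(SAMPLE_URL, SAMPLE_HTML)` flags the sample because three of its four resources resolve to a host that is neither the storage platform nor the impersonated brand.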

How to protect against phishing

  1. Always scrutinize the sender of any email, even if they seem familiar. Threat actors use domain names that closely resemble those of legitimate, well-known companies and services. Often the sender’s email address is off by only one letter.
  2. Be sure to use a unique password for each online account you have. A password vault can help you remember them. Attackers can gain access to a low-level account (social media) and then use that password to hack their way into more valuable accounts like bank accounts and credit cards.
  3. Use an antivirus program to scan emails and alert you to suspicious senders, links, websites, and email attachments.
  4. Be highly suspicious of any email that prompts you to act immediately, even if it’s from a service you do business with. Threat actors brand emails to look just like those of well-known global companies like Chase Bank and Microsoft Office to trick readers into following links in the scams.
  5. Think before you act. Threat actors craft the wording in a phishing email in hopes that the reader acts without thinking or scrutinizing the email and the links it contains. Take a minute to look carefully at the contents of all emails before you respond.
  6. Be wary of any links in emails, especially if they’re asking you to reset a password or go to a website to avoid some sort of negative action. Often these links in phishing emails are cloaked or shortened to disguise the identity of the website they lead to.
  7. Be suspicious of any email that contains an attachment that you were not expecting, even if the email appears to come from somebody you think you know. Call them and verify that they sent you an email with attachments before opening or downloading. Documents attached to emails can contain malware or links to malicious websites.


About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.

