Emerging Cyber Threats: Phishing via Google Apps Script
Cybercriminals have discovered a new tactic for stealing Microsoft 365 accounts by leveraging Google Apps Script, as reported by TechRadar. This cloud platform, designed for task automation in Google services using JavaScript, has become a tool for phishing attacks.
Attackers send victims emails containing fake invoices from Google. Links in these emails lead to script[.]google[.]com, creating an illusion of legitimacy. When the victim clicks on it, a loading message appears. Clicking the button redirects the user to a counterfeit Microsoft 365 login page that closely resembles the genuine one. The entered credentials go straight to the hackers.
To better cover their tracks, the criminals configure the page to redirect the victim to the actual Microsoft 365 site as soon as the login details are entered.
Cybersecurity experts from Cofense have uncovered this scheme and are warning about its dangers. They advise against opening suspicious emails, particularly those containing unexpected invoices from Google. It is also crucial to verify email addresses and websites to avoid fraud.
