Unidentified attackers use legitimate services like PayPal and Google Workspace to send phishing emails, bypassing nearly all email security solutions available today.
A report by cybersecurity researcher Avanan details how hackers send phishing emails on behalf of these services to trick email security solutions.
For criminals, the problem with phishing emails is that the sending domain, email subject, and content are all scanned by email security products and often never reach the victim’s inbox. However, if the email came from Google, the security product would have no choice but to let it through.
Today, an attacker can simply create a malicious Google Doc file containing links to phishing sites and tag victims within that file, and Google will send a notification without warning. That document could be anything from a bogus invoice to a bogus notice of service renewal. What all these emails usually have in common is that they need to be addressed urgently. Otherwise, the victim will lose money.
The same goes for PayPal. The attacker simply creates a fake invoice with a link to a phishing website in the invoice description and mails it to the victim via PayPal.
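A defender can still inspect such mail even though the sender is genuine. The added example below (not from the Avanan report) flags notifications from a watched service whose body links leave that service's own domains; the domain map, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: watched services mapped to the link domains expected in their genuine mail.
SERVICE_LINK_DOMAINS = {
    "paypal.com": {"paypal.com"},
    "google.com": {"google.com"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample messages (not real traffic).
SAMPLE_INVOICE = (
    "From: PayPal <service@paypal.com>\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Seller note: pay today or dispute at https://billing-help.example/verify\n"
    "View invoice: https://www.paypal.com/invoice/CONSTRUCTED\n"
)
SAMPLE_DOC_MENTION = (
    "From: Constructed User <comments-noreply@docs.google.com>\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "You were mentioned: renew now at https://renewal-notice.example/login\n"
    "Open: https://docs.google.com/document/d/CONSTRUCTED\n"
)

def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def off_service_links(raw_email):
    """Return (service, hosts) for body links leaving the sender's own domains."""
    msg = message_from_string(raw_email)
    # The From domain is only meaningful once SPF/DKIM/DMARC have passed upstream.
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    service = next((s for s in SERVICE_LINK_DOMAINS if _under(sender_domain, s)), None)
    if service is None:
        return None, []  # not a watched service; other filters apply
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        allowed = any(_under(host, d) for d in SERVICE_LINK_DOMAINS[service])
        if host and not allowed and host not in hosts:
            hosts.append(host)
    return service, hosts
```

The check only sees links that appear in the notification itself; a link that exists only inside the shared document has to be caught when the document is opened.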
In addition to these two companies, attackers are also impersonating SharePoint, FedEx, Intuit, and iCloud, the researchers claim.
In most cases, hackers involved in phishing are looking for credentials to sensitive systems. These can later be used to distribute more dangerous malware (for example, to perform ransomware operations). They may also obtain payment information to sell on black marketplaces or to use to fund illegal activities (such as DDoS-as-a-service).