Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Fresh Warnings Issued Over Abuse of Google Services

U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.

FBI warns about Google Voice abuse

U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.

FBI warns about Google Voice abuse

Google Voice is a service that provides Google customers a phone number that they can use for calling, text messaging and voicemail. It can be used to make free PC-to-phone calls within the U.S. and Canada.

Scammers have been contacting people who sell things on online marketplaces such as Craigslist, claiming to be interested in the item. However, before making a purchase, they claim they want to make sure the seller is a real person so they send them a text message with a Google Voice verification code and ask them to provide that code.

Once they have obtained the verification code, the scammer can create a Google Voice number linked to the victim’s real phone number. They can then use the phone number to scam others and hide their identity. The verification code can also be used to access and hijack the victim’s Gmail account, the FBI said.

The Federal Trade Commission (FTC) issued a warning for these Google Voice scams in late October, and the FBI issued a fresh warning this week, along with advice on how people can avoid getting scammed and how they can regain control of the Google Voice account.

Avanan warns of Google Docs abuse

Email security company Avanan on Thursday warned that threat actors have been abusing Google Docs to deliver phishing websites and malware.

Advertisement. Scroll to continue reading.

Attackers are creating a Google Docs document and adding a comment that mentions the email address of the targeted user. The target automatically receives an email from Google informing them about the comment.

The email includes the attacker’s comment, which can be a link to a malicious website, accompanied by a piece of text that attempts to convince the victim to click on the link.

Google Docs abused for phishing and malware delivery

This technique has been used since at least August 2020, and Google at the time promised to take measures. However, Avanan says Google still hasn’t fully addressed the issue and a new attack wave mainly targeting Outlook users was spotted by the cybersecurity firm in December 2021.

The company said the campaign had hit more than 500 inboxes across 30 tenants, with the attackers leveraging over 100 Gmail accounts.

“There are several ways that make this email difficult for scanners to stop and for end-users to spot,” Avanan explained. “For one, the notification comes directly from Google. Google is on most Allow Lists and is trusted by users. Secondly, the email doesn’t contain the attacker’s email address, just the display name. This makes it harder for anti-spam filters to judge, and even harder for the end-user to recognize.”

Related: Google Sees Increase in COVID-19 Phishing in Brazil, India, UK

Related: Google Sees Drop in Government-Backed Phishing Attempts

Related: Google Docs Phishing Scam Doused After Catching Fire

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights